What Expert Says On IoT Vendor Ubiquiti Recent Breach

By   ISBuzz Team
Writer , Information Security Buzz | Jan 12, 2021 02:07 am PST

Networking equipment and IoT device vendor Ubiquiti Networks has sent out following notification emails to its customers informing them of a recent security breach. 

“We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider,” 

The system in question stores the user profile for ui.com containing names, email addresses, and salted and hashed passwords. 

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Brad Keller
Brad Keller , JD, CTPRP, CTPRA, Chief Strategy Officer
January 12, 2021 10:16 am

<p>While it is difficult based on what has been released to determine what might be the root cause of the unauthorized access, there is one statement that can be made at this time. Outsourcers must ensure that their vendors are properly assessing and managing their own service providers. This appears to be a classic example of a “4<sup>th</sup> party vendor” being the source of the problem. Whether the unauthorized access stems from the failure of the un-named cloud provider to have proper security controls in place or that Ubiquiti failed to properly manage their cloud accounts is yet to be determined.  But the need to assess vendors’ ability to manage <strong>their</strong> outsourced risk is a certainty.</p>

Last edited 2 years ago by Brad Keller
Jake Moore
Jake Moore , Global Cyber Security Advisor
January 12, 2021 10:08 am

<p>As breaches go, this is not as damaging as it could be, but this is yet another blow for cybersecurity, as this is a company which prides itself on security. On the other hand, this does also shine a light on how sophisticated some threat actors are becoming and how every company, whatever size, needs to constantly review its security.</p> <p> </p> <p>Changing passwords really doesn’t have to be a difficult task, especially if a password manager is involved. Multi-factor authentication is vital in current times to give you not only that extra layer of security but also piece of mind due to these inevitable data breaches.</p>

Last edited 2 years ago by Jake Moore

Recent Posts

Would love your thoughts, please comment.x