Cyber Incident Victim: Ubiquiti Networks
Date: Jan 2021
Location: United States of America
Summary
A cybersecurity incident at a networking device manufacturer involved unauthorized access to systems hosted by a third-party cloud provider, prompting customer notifications to change passwords and enable two-factor authentication. The company stated it had no evidence of direct account compromises or confirmed database breaches but acknowledged potential exposure of customer information, including names, email addresses, hashed and salted passwords, and optionally provided addresses or phone numbers. The disclosure followed a recent unrelated outage affecting the cloud management platform, though no connection between the events was established.
Description
On January 11, 2021, Ubiquiti, a prominent networking device manufacturer known for its UniFi product line and cloud management platform, notified customers of a security incident involving unauthorized access to its systems hosted by a third-party cloud provider. The company disclosed the breach via email, urging users to change their passwords and enable two-factor authentication (2FA) as a precautionary measure. Ubiquiti stated it had no evidence of unauthorized activity within user accounts but could not definitively rule out exposure of customer data. Potentially compromised information included names, email addresses, and one-way encrypted passwords (hashed and salted), along with physical addresses and phone numbers if provided by customers. The company emphasized uncertainty regarding whether attackers accessed databases storing this user data, reflecting limited visibility into the breach's scope during initial investigations. This incident followed a separate, widespread outage of Ubiquiti’s UniFi cloud management platform days earlier, which disrupted web and mobile app access for device management. Ubiquiti did not confirm whether the outage and breach were related.

Customer frustration escalated due to Ubiquiti’s requirement for cloud accounts to manage locally installed devices, a design choice that heightened exposure risks during cloud service compromises. The outage preceding the breach announcement prevented users from accessing management interfaces, compounding operational disruptions. Ubiquiti’s communication provided no specifics about attacker entry points, duration of access, or forensic findings, leaving customers reliant on generic security recommendations. BleepingComputer contacted Ubiquiti for clarification on the incident’s relation to the outage but received no response. The company’s advisory highlighted dependencies on third-party cloud infrastructure while underscoring gaps in breach impact certainty, particularly regarding customer data exposure. No evidence of malicious account activity was identified at the time of notification.
