Shares of New York City-based IoT device maker Ubiquiti (NYSE: UI) fell significantly this week following a report claiming that the recently disclosed data breach was “catastrophic” and that its impact was downplayed.
Ubiquiti informed customers in January that it had detected unauthorized access to some IT systems hosted by an unnamed third-party cloud provider. The company said at the time that it had found no evidence user data was compromised, but it could not rule it out so it instructed customers to change their passwords.
Cybersecurity blogger Brian Krebs reported on Tuesday, March 30, that he learned from someone involved in the response to the breach that Ubiquiti “massively downplayed” an incident that was actually “catastrophic,” in an effort to minimize impact on its value on the stock market.
According to Krebs’ source, the attacker gained access to Ubiquiti’s AWS servers and then attempted to extort 50 bitcoin (worth nearly $3 million) from the company to keep quiet about the hack.
The attacker obtained privileged credentials from an Ubiquiti employee’s LastPass account and “gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies,” according to the source. The hacker allegedly could have remotely authenticated to Ubiquiti cloud-based devices.
According to Krebs, Ubiquiti discovered the breach in late December 2020 and later removed a couple of backdoors planted by the attacker — the firm reportedly did not engage with them. The company then started changing employee credentials, and on January 11 it informe ..
Support the originator by clicking the read the rest link below.
