New York City-based IoT device maker Ubiquiti recently disclosed a data breach that was downplayed. After news of the catastrophic data breach, the shares of the company dropped drastically this week.
In January, Ubiquiti informed customers that unauthorized access to certain IT systems hosted by an unidentified third-party cloud provider had been discovered. The company said at the time that it had found no evidence of user data being compromised, but it could not rule it out so it advised the customers to change their passwords.
When Ubiquiti disclosed the security breach, it only had a small impact on its stock and the value of its shares has increased tremendously since, from roughly $250 per share on January 12 to $350 per share on March 30. Ubiquiti shares are now down to $290 at the time of publishing, following the news that the breach may have been bigger than the company led customers and investors to believe.
On Tuesday, March 30, cybersecurity blogger Brian Krebs reported that he discovered from someone involved in the response to the breach that Ubiquiti "massively downplayed" an incident that was actually "catastrophic" in order to reduce the effect on the company's stock market value.
According to Krebs' source, the intruder obtained access to Ubiquiti's AWS servers and then tried to extort 50 bitcoin (worth approximately $3 million) from the company to keep quiet about the hack. As per the source, "the intruder acquired obtained privileged credentials from the Ubiquiti employee’s LastPass account and “gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single s ..
Support the originator by clicking the read the rest link below.
