Ubiquiti users told to change their passwords following security breach

Ubiquiti users told to change their passwords following security breach
Breach occurred at third-party cloud provider used by IoT device manufacturer
Email addresses, names, and hashed and salted passwords exposed

IoT device vendor Ubiquiti has told customers that they should change their passwords after a security breach left user details exposed.

In an email sent to users, router and access point manufacturer Ubiquiti explained that it had recently become aware of a breach at a “third party cloud provider” used by the firm to host some of its infrastructure.

Data that may have been accessed includes:

Customers’ email addresses
Customers’ names
Customers’ hashed and salted passwords
Customers’ addresses and phone numbers (where provided)

What isn’t made clear in the email advisory is whether the exposed data was stumbled across by a security researcher who then informed Ubiquiti, or whether it was accessed by someone with malice in mind.

If malicious hackers were able to use the information to access the profiles of Ubiquiti customers, they would be able to change the settings of the customers’ IoT devices remotely, as well as access the support portal. And if a hacker were not able to determine account passwords from the breached data they would still have been able to use the leaked contact details to target Ubiquiti customers with scams and phishing attacks.

Ubiquiti says that it has not seen any evidence of unauthorised account access as a result of the incident.

However, the company advises that, as a precaution, customers should change their account passwords, and ensure that the same password is not being used anywhere else on the internet.

Far too many people still use the same password in multiple places online, making it easier for hackers to lever ..