Big Ubiquiti data breach



DenverGP
03-30-2021, 15:27
I saw several people on the Latest Purchase thread talking about using Ubiquiti access points...

https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/



On Jan. 11, Ubiquiti Inc. - a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras - disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the response to that breach alleges Ubiquiti massively downplayed a 'catastrophic' incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.

arbol
03-30-2021, 18:55
It's a scary world out there...

Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.

68Charger
03-31-2021, 11:44
This is why I hate "Cloud managed" solutions... I want the security to remain behind my firewall, not sent to some other network I have no control over.

Also I don't give away my SSN at the doctor's office (or any other place that doesn't require it by law or to extend credit)

Sawin
03-31-2021, 12:06
This is why I hate "Cloud managed" solutions... I want the security to remain behind my firewall, not sent to some other network I have no control over.

Also I don't give away my SSN at the doctor's office (or any other place that doesn't require it by law or to extend credit)

100% agreed