Close
Results 1 to 4 of 4
  1. 03-30-2021, 15:27 #1
    DenverGP
    DenverGP is offline
    Machine Gunner DenverGP's Avatar
    Join Date
    Dec 2013
    Location
    Anna Tx
    Posts
    1,541

    Default Big Ubiquiti data breach

    I saw several people on the Latest Purchase thread talking about using Ubiquiti access points...

    https://krebsonsecurity.com/2021/03/...-catastrophic/

    On Jan. 11, Ubiquiti Inc. - a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras - disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the response to that breach alleges Ubiquiti massively downplayed a 'catastrophic' incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.
    'Unless a law-abiding individual has a firearm for his or her own defense, the police typically arrive after it is too late. With rigor mortis setting in, they mark and bag the evidence, interview bystanders, and draw a chalk outline on the ground' - Judge Benitez , 2019, Duncan v. Becerra.

    'One of the ordinary modes by which Tyrants accomplish their purpose without resistance is by disarming the people and making it an offense to keep arms.' Supreme Court Justice Joseph Story, 1840.
    Reply With Quote Reply With Quote
  2. 03-30-2021, 18:55 #2
    arbol
    arbol is offline
    Serial Speed Limit Breaker
    Join Date
    Sep 2020
    Location
    Aurora
    Posts
    1,200

    Default

    It's a scary world out there...

    Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.
    Reply With Quote Reply With Quote
  3. 03-31-2021, 11:44 #3
    68Charger
    68Charger is offline
    Grand Master Know It All 68Charger's Avatar
    Join Date
    Oct 2008
    Location
    Canton, TX
    Posts
    3,721

    Default

    This is why I hate "Cloud managed" solutions... I want the security to remain behind my firewall, not sent to some other network I have no control over.

    Also I don't give away my SSN at the doctor's office (or any other place that doesn't require it by law or to extend credit)
    ΜΟΛΩΝ ΛΑΒΕ, we are the III%, CIP2, and some other catchphrase meant to aggravate progreSSives who are hell bent on taking rights away...
    Reply With Quote Reply With Quote
  4. 03-31-2021, 12:06 #4
    Sawin
    Sawin is offline
    Grand Master Know It All Sawin's Avatar
    Join Date
    Aug 2011
    Location
    144th & I25
    Posts
    3,922

    Default

    Quote Originally Posted by 68Charger View Post
    This is why I hate "Cloud managed" solutions... I want the security to remain behind my firewall, not sent to some other network I have no control over.

    Also I don't give away my SSN at the doctor's office (or any other place that doesn't require it by law or to extend credit)
    100% agreed
    Please leave any relevant feedback here:
    Sawin - Feedback thread.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules