Ubiquiti Compromised – Change your Password

Lock with keyhole

Ubiquiti, a well-known vendor of Internet of Things (IoT) devices, said it recently became aware of “unauthorized access to certain of our information technology systems hosted by a third party cloud provider.”  Common Ubiquiti products used in business environments include UniFi wireless access points.

As of this morning, they were not aware of any databases hosting user data being accessed, but they are not certain that data, including name, email address, and passwords were not exposed.

Safety Net standard Unifi wireless implementations only use a local server or appliance-based controller.  We do not configure cloud or web access to the wireless infrastructure, therefore this potential compromise should not impact our client organizations at this time.  However, if you use Ubiquiti products on your home network, you should change your password.  Whenever it is an option, we always recommend enabling two-factor authentication as an extra layer of protection.

To manage your security settings on these home devices, log in to https://account.ui.com, click “Security” on the left-hand menu.

This message was sent to Ubiquiti customers today:

Notice from Ubiquiti to customers