Ubiquiti, the company from which I bought network equipment because I wanted a Wi-Fi totally under my control, now tells me that something may not be under my control after all: the basic information of my account. According to an email being sent to users today, an “outsourced cloud provider” was accessed by an unauthorized user and that provider may have some of our data.
Although the company says it found no evidence that our user data was accessed, it also “cannot be sure that the user data has not been exposed”. The potential data at risk will be familiar if you have received these types of e-mails before: names, e-mails, phone numbers, addresses and passwords (encrypted, probably unreadable). You will want to change your password now.
It doesn’t seem like such a bad breach, but it’s annoying news to hear from a company that prides itself on providing control to users. If I wanted my data on someone else’s server, I could have chosen a router that would give me some benefit, like plug-and-play configuration. It seems that it is difficult to escape the customer information database.
The full text of the email, which can also be seen on the Ubiquiti forums, is below:
We recently became aware of unauthorized access to some of our information technology systems hosted by a third-party cloud provider. We have no indication that there has been unauthorized activity in relation to any user’s account.
We are currently unaware of evidence of access to databases that host user data, but we cannot be sure that user data has not been exposed. This data may include your name, email address and one-sided encrypted password for your account (in technical terms, passwords are hashed and salted). The data may also include your address and telephone number, if you have provided it to us.
As a precaution, we recommend that you change your password. We recommend that you also change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts, if you have not already done so.
We apologize and deeply regret any inconvenience this may cause. We take the security of your information very seriously and appreciate your continued trust.
Thanks,
Ubiquiti Team