Ubiquiti Networks has sent out notification emails to its customers informing them of a recent security breach. According to Ubiquiti, the intruder accessed servers that stored data on UI.com users, such as names, email addresses, and salted and hashed passwords. It is currently unclear how many users have been affected.
The company says there is no indication that there has been unauthorized activity with respect to any user's account. Ubiquiti instructed users to change their passwords on any website where they use the same password or user ID.
Joseph Carson, chief security scientist and Advisory CISO at Thycotic, notes that passwords are again at the forefront of the latest unauthorized access at network equipment provider Ubiquiti Networks.
"The latest data breach, and unauthorized access, has led Ubiquiti to advise its customers to rotate passwords, including any other internet services where the same passwords have been used - a common poor practice that results in data breaches escalating further. The response has been mixed as the notification did not provide many details on what a good password is or using a password management solution to help increase the security of such privileged access. The scary thought is whether or not this unauthorized access has allowed attackers access to customers' networks, including security camera footage," Carson says.
He adds, "Companies, such as Ubiquiti, that focus on access and security should demand multi-factor authentication by default and integrate into password management security solutions, as this breach shows the importance of not letting a password be your only security control."