Reset Your Ubiquiti Passwords Now
Nothing is more fun than a company describing its own data breach as “catastrophic.” This is the “c” word that you definitely don’t want to hear if you have an account with said company or use its products, and this is exactly what happened with Ubiquiti recently.
Before we get to that, here’s what you should do right now: change your Ubiquiti passwords and enable two-factor authentication. If you don’t do anything else in response to this mess, do that.
Beyond changing your Ubiquiti password and setting up two-factor authentication, you can also take a few more serious steps with your Ubiquiti networking hardware. As security expert Brian Krebs explains:
“If you have Ubiquiti devices installed and haven’t changed their passwords since January 11 this year, now is the right time to take care of that.
It might also be a good idea to simply delete any profiles you had on those devices, make sure they are updated to the latest firmware, and then recreate those profiles with new [and preferably unique] credentials. And seriously consider disabling any remote access on devices.”
This last bit is key, as the data breach, described to Krebs as “catastrophic” by an unnamed source from Ubiquiti, allegedly gave attackers “admin access to all Ubiquiti AWS accounts, including all S3 data segments, all application logs, all databases, all user database credentials, and secrets required to create single sign-on (SSO) cookies.”
With this information, attackers would (theoretically) be able to remotely log into Ubiquiti devices. I have not seen any evidence that this actually happened, and Ubiquiti states that “there is no evidence that customer information was accessed or targeted.” But, as always happens in such cases, I would treat these statements with suspicion.
The data breach was severe enough for Ubiquiti to send out an email to customers on January 11 stating that they might want to change their passwords and enable 2FA out of an abundance of caution. If the breach was that significant, I would join others in suggesting that perhaps Ubiquiti should have forced a password reset for all accounts instead.
Unfortunately, it now comes down to which side you believe: a whistleblower talking to Krebs, who claims Ubiquiti doesn’t know whether consumer accounts were accessed because it doesn’t have logging set up to determine that, or Ubiquiti itself, which says everything is fine.
While I doubt we’ll ever know the depth of the problem, I side with the whistleblower who, unless they are about to make a killing shorting Ubiquiti stock, would have little reason to lie about such a serious issue. Or, to put it another way, I would rather err on the side of “preparing for the worst” than “doing the minimum and risking an unpleasant surprise.”
Going forward, make sure you use all possible mechanisms to ensure the maximum security of your network equipment (and any connected accounts). That means unique passwords for everything, two-factor authentication wherever you can set it up, disabling remote access if you never use it, and carefully looking for other security settings you might consider on your particular router / access point / gateway. (Everyone’s network hardware is different, so you’ll want to learn which settings are enabled by default on your own hardware.)
In addition, set up a filter or alert in your email so that it is very visible when your network equipment manufacturer sends you an email. I get a lot of email, and I may not have even noticed the Ubiquiti message when they sent it. Stay on top of all of this, as it is the best way to keep yourself and your home network safe from unwanted intruders.