UniFi devices broadcasted private video to other users’ accounts

SpacemanSpiff

Just read about it... sounds like they were able to correct the issue fairly quickly.
 

prsmith777


Dear Ubiquiti Community -



Yesterday, thanks to your feedback and support, we were made aware of a small number of instances where users received push notifications on their mobile devices that appeared to come from unknown consoles, or where such users were able to access consoles that didn’t appear to be their own.



We have since identified – and addressed – the cause of this problem. Specifically, this issue was caused by an upgrade to our UniFi Cloud infrastructure, which we have since solved.



1. What happened?

1,216 Ubiquiti accounts ("Group 1") were improperly associated with a separate group of 1,177 Ubiquiti accounts ("Group 2").


2. When did this happen?

December 13, from 6:47 AM to 3:45 PM UTC.


3. What Does this Mean?

During this time, a small number of users from Group 2 received push notifications on their mobile devices from the consoles assigned to a small number of users from Group 1.

Additionally, during this time, a user from Group 2 that attempted to log into his or her account may have been granted temporary remote access to a Group 1 account.


4. What is the Current Status?

Ubiquiti has solved this misconfiguration with its cloud infrastructure - the problem is solved and all Ubiquiti accounts are now properly associated across our infrastructure.


5. How many Accounts from Group 1 Were Actually Improperly Accessed by a User from Group 2?

We are still investigating but we believe less than a dozen.

6. How Do I Know if my Account was Improperly Accessed?

We plan to reach out to any accounts in the Group 1 population via email.
 

TonyR


Teken

Not so good when a business is trying to sail a secure ship and it gets torpedoed by one of its own employees......self-important, insecure asshole. Hope he (Nickolas Sharp) enjoys his jail cell.
Sadly, history is riddled with examples of people causing all manner of mayhem on their last days out the door. I've personally seen no less than ten incidents where formal employees made a company lose millions to flat out bankrupt. In 2023 the power a single person holds within a company's technical / financial role can't be understated.

That can span from trade secrets to taking down the entire network infrastructure . . .
 
