Ubiquiti, the company I bought networking gear from because I wanted Wi-Fi that’s totally under my control, now tells me something may not have been under my control after all: my basic account information. According to an email it’s sending out to users today, a “third party cloud provider” was accessed by an unauthorized user, and that provider might possibly have some of our data.
While the company says it isn’t hasn’t found any evidence that our user data has been accessed, it also “cannot be certain that user data has not been exposed”. The potential data at risk will be familiar if you’ve received these kinds of emails before: names, emails, phone numbers, addresses, and (encrypted, hopefully unreadable) passwords. You’ll want to change your password now.
It doesn’t sound like that bad a breach as breaches go, but it’s annoying news to hear from a company that prides itself on giving users control. If I had wanted my data on someone else’s server, I might have picked a router that gave me some benefit for it, like plug-and-play setup. The database of customer info, it seems, is hard to get away from.
The full email text, which can also be viewed on the Ubiquiti forums, is below:
We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account.We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.As a precaution, we encourage you to change your password. We recommend that you also change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts if you have not already done so.We apologize for, and deeply regret, any inconvenience this may cause you. We take the security of your information very seriously and appreciate your continued trust.Thank you,Ubiquiti Team
Ubiquiti, maker of prosumer routers and access points, has had a data breach The British Journal Editors and Wire Services/ The Verge.