Ubiquiti, the company I bought networking equipment from because I wanted Wi-Fi completely under my control, is now telling me something that may not have been under my control after all: my basic account information. According to an email that was sent to users today, an “external cloud service provider” was accessed by an unauthorized user, and that provider may have some of our data.
While the company says it has not found any evidence that our user data has been accessed, it also “cannot be certain that user data has not been disclosed”. Potential data at risk will be familiar if you’ve received these types of emails before: names, emails, phone numbers, addresses, and passwords (encrypted, which hopefully will be unreadable). You will want to change your password now.
That doesn’t sound like a bad breach as the hacks continue, but it’s annoying to hear news from a company that prides itself on giving users control. If I wanted to have my data on someone else’s server, I might have chosen a router that gave me some benefits, like setting up Plug and Play. It seems hard to get away from the customer information database.
The full email text, which can also be Seen on Ubiquiti forumsBelow:
We recently learned about unauthorized access to some of our IT systems hosted by an external cloud service provider. We have no indication of unauthorized activity in relation to any user’s account.
We are not currently aware of evidence of access to any databases that host user data, but we cannot ensure that user data is not disclosed. This data may include your name, email address, and the one-way encrypted password for your account (technically, passwords are hash and salt). The data may also include your address and phone number if you have provided us with this.
As a precaution, we encourage you to change your password. We also recommend that you change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts if you haven’t already.
We apologize and sincerely apologize for any inconvenience this may cause you. We take the security of your information very seriously and value your continued trust.