Shares of Ubiquiti traded down more than 10% on Wednesday following a report claiming the maker of cloud-enabled Internet of Things devices downplayed a recent security breach. Block & Leviton LLP, a national securities litigation firm, announces that it is investigating Ubiquiti, Inc. for potential violations of the federal securities laws.
Ubiquity security breach
Originally, Ubiquiti emailed its customers about a supposedly minor security breach at a “third party cloud provider” on January 11th, but noted cybersecurity news site KrebsOnSecurity is reporting that the breach was actually far worse than Ubiquiti let on. A whistleblower from the corporate who spoke to Krebs claimed that Ubiquiti itself was breached, and that the company’s legal team prevented efforts to accurately report the dangers to customers.
A whistleblower involved in the response to a data breach suffered by Ubiquiti Networks has claimed the incident was downplayed and could be described as “catastrophic.”
On January 11, Ubiquiti began sending out emails to clients explaining the recent security breach. The company said that someone had obtained “unauthorized access” to Ubiquiti systems hosted by a “third-party cloud provider,” in which account information was stored for the ui.com web portal, a customer-facing device management service.
At the time, the vendor informed personal data including names, email addresses, and salted/hashed password credentials may have been compromised, alongside home addresses and phone numbers if customers input this data within the ui.com portal.
Ubiquiti did not reveal how many clients may have been compromised. Customers were asked to change their passwords and to enable two-factor authentication (2FA).
Now a source who “participated” in the response to the security breach told security expert Brian Krebs that the incident was far worse than it seemed and could be described as “catastrophic.”
In a letter penned to European regulators, the whistleblower wrote:
“It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers. The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.”
According to this statement, hackers gained administrative access to AWS Ubiquiti databases via credentials stored and stolen from an employee’s LastPass account, allowing them to obtain root admin access to AWS accounts, S3 buckets, application logs, secrets for SSO cookies, and all databases, including those containing user credentials.
The source also told Krebs that in late December, Ubiquiti IT staff discovered a backdoor planted by the cybercriminals, which was removed in the first week of January. A second backdoor was also allegedly discovered, leading to employee credentials being rotated before the public was made aware of the breach.
The cybercriminals contacted Ubiquiti and attempted to extort 50 Bitcoin (BTC) — roughly $3 million — in return for silence. However, the company did not engage with them.
Now a source who was involved in the response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.
Due to these events, Block & Leviton LLP is investigating whether Ubiquiti and certain of its executives may be liable for securities fraud. Investors who have lost money on their Ubiquiti investment — whether or not they have sold that investment should contact Block & Leviton to learn more. Block & Leviton LLP is a firm dedicated to representing investors and maintaining the integrity of the country’s financial markets.
The fact of the matter is whether you are a small business or large multinational, you rely on computer systems every day. Pair this with the rise in cloud services, poor cloud service security, smartphones and the Internet of Things (IoT) and we have a myriad of cybersecurity threats that didn’t exist a few decades ago.
Companies should no longer be asking why is cybersecurity important, but how can I ensure my organization’s cybersecurity practices are sufficient to comply with all the regulations in the country and to protect my business against sophisticated cyber attacks.