Ubiquiti, the global leader in managed wi-fi systems, and major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, and security cameras, is advising customers to change their passwords and enable multi-factor authentication.
Unfortunately for Ubiquiti users, the company has revealed on Monday it has suffered a security breach. While there’s no indication of “unauthorized activity,” Ubiquiti instructed users to change their passwords on any website where they use the same password or user ID.
What do we know about the security breach?
The IoT networking device vendor experienced a breach of a web portal it uses to manage remote devices and as a support portal. Ubiquiti Networks has sent out notification emails to its customers informing them of a security breach, but so far it is unclear how many users have been affected.
According to the statements of Ubiquiti, the cyberattack was through the servers that stored data on UI.com users, such as names, email addresses, phone numbers, salted, and hashed passwords. “We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. “ Details are also available at Ubiquiti’s forums .
What should I do if I am a client of Ubiquiti?
This type of breach shows the importance of not letting a password be your only security control. You should always look for at least 2 layers of security in every account you have. In this case, to manage your security settings on an Ubiquiti device, visit Ubiquiti’s portal and log in. Click on ‘Security’ from the left-hand menu and:
- Click on Change your password
- Set a session timeout value
- Enable 2 Factor Authentication with an Authenticator app