Ubiquiti , which manufactures wireless routers, surveillance cameras and access control systems centrally managed through a cloud service notified clients about unauthorized access to some systems in their infrastructure deployed on the network third party cloud provider.
No direct evidence of a leak has been identified, but having access to compromised hosts, the attackers could also gain access to the database that stored accounts for the service that allows remote control of equipment. The database contained information such as password hashes, names, addresses and phone numbers of Ubiquiti users. Users are advised to urgently change the password for accessing the Ubiquiti cloud service and enable two-factor authentication in the settings, as well as change the password on third-party sites that used an identical password .
In the company forum increased customer dissatisfaction demanding the return of the ability to create local accounts on their devices that are not tied to the Ubiquiti cloud service. In the current firmware for Ubiquiti equipment, the capabilities for separate device management were severely limited and authentication in the company’s cloud service was required to access the device. To manage devices, a mobile application is offered that interacts with the device through the Ubiquiti cloud service and does not support direct connection to the device by IP address.