Earlier this year, Ubiquiti, a Silicon Valley-based IoT device maker, disclosed that it had been hacked. Customer account credentials were exposed which allowed hackers to gain full access to all application logs, databases, user database credentials and information required to forge single sign-on (SSO) cookies. This level of access would allow the attackers to remotely authenticate to countless Ubiquiti cloud-based devices, putting customers’ devices, such as routers, network video recorders and security cameras, deployed in corporations and homes around the world at risk.
With an international presence in 200 countries and more than 85 million devices deployed, Ubiquiti had a colossal challenge on its plate. Once the vulnerabilities were identified and credentials were changed, customers were encouraged to reset passwords and implement two-factor authentication.
Security veteran, Brain Krebs recommended that all Ubiquiti customers change the passwords on any devices that haven’t been … Read the rest