18 votes Whistleblower alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price Posted March 30 by spit-evil-olive-tips Tags: security, ubiquiti, networking, wireless, data breaches, whistleblowers, stock market, business https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/ Link information This data is scraped automatically and may be incorrect. Title Whistleblower: Ubiquiti Breach "Catastrophic" Published Mar 30 2021 Word count 863 words 3 comments Collapse replies Expand all Comments sorted by most votes newest first order posted relevance OK  spit-evil-olive-tips (OP) March 30 Link oops. Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies. oops. 8 votes shiruken March 30 Link Parent Don't worry, it's just a "third-party cloud provider" of no significance. Don't worry, it's just a "third-party cloud provider" of no significance. 2 votes just_a_salmon March 30 Link Parent Well, I’m glad I decided to not enable remote UniFi controller access on my home network. Well, I’m glad I decided to not enable remote UniFi controller access on my home network.