18 votes

Whistleblower alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price

3 comments

  1. [3]
    spit-evil-olive-tips
    oops.

    Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.

    oops.

    8 votes
    1. shiruken
      Don't worry, it's just a "third-party cloud provider" of no significance.

      2 votes
    2. just_a_salmon
      Well, I’m glad I decided to not enable remote UniFi controller access on my home network.