Reset your Ubiquiti passwords now

Nothing says fun like a company describing her own data breach as “catastrophic.“ It’s a Word “c” you definitely don’t want to know if you have an account with that company or if you use its products, and this is exactly what recently happened to Ubiquiti.

Before entering this, here is what you should do now: Change your Ubiquiti passwords and enable two-factor authentication. If you don’t do anything else in response to this mess, do it.

Not only do you have to change your Ubiquiti password and configure two-factor authentication, but you might also want to take some more serious action with your Ubiquiti network equipment. As security expert Brian Krebs Explain:

“If you have installed Ubiquiti devices and haven’t changed passwords on the devices since January 11 of this year, this would be a good time to take care of it.

It may also be a good idea to simply delete any profiles you had on these devices, make sure they are up to date to the latest firmware, and then recreate those profiles with new ones. [and preferably unique] identifiers. And seriously consider disabling all remote access on devices. “

The latter is critical, as the data breach – described to Krebs as “catastrophic” by an anonymous inside source Ubiquiti – reportedly gave attackers, “root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user credentials. user database and the secrets needed to forge single sign-on (SSO) cookies. ”

With this information, the attackers (theoretically) to be able to remotely connect to Ubiquiti devices. I haven’t seen any evidence that this actually happened, and Ubiquiti complaints “no evidence that customer information was accessed, or even targeted.” But, as is always the case in cases like these, I would take these statements with a grain of salt.

Data breach was serious enough for Ubiquiti to email customers Jan. 11 indicating that they might want to change their passwords and enable 2FA as a precaution. If the breach was so big, I join others in suggesting that instead Ubiquiti maybe should have force reset all passwords for all accounts.

Unfortunately now amounts to which side you believe – the whistleblower, speaking to Krebs, who claims Ubiquiti has no idea if consumer accounts have been accessed because he has no logging to determine it, or Ubiquiti himself, who says all is well.

While I doubt we will ever know the extent of the problem, I side with the whistleblower, who, uunless they were looking to make a deadly short on Ubiquiti’s action, they wouldn’t have much a reason to lie about such a serious problem. Or, to put it another way, I prefer to err on the side of “prepare for the worst“What” to do the bare minimum and risk a bad surprise. “

Going forward, be sure to use all possible mechanisms to keep your network equipment (and all connected accounts) as secure as possible. This means one-time passwords for everything, two-factor authentication anywhere you can configure it, deactivation Remote management if you never use it, and by doing a thorough research of other security settings, you might consider enabling on your specific router / access point / gateway. (Everyone’s network gear is different, so there may be specific settings enabled by default that you will want to explore on your own equipment.)

Beyond that, set up a filter or alert in your email which makes it very obvious when the manufacturer of your network equipment sends you an email. I get a lot of emails, and it is possible that I haven’t even noticed Ubiquiti return message when they sent it. Stay on top of it all, as this is the best way to protect yourself and your home network from unwanted intruders.