Ubiquiti informed customers to change passwords after security breach
If you use any of Ubiquiti cloud services such as account.ui.com or UniFi Cloud Key. It is strongly adviced to change your password now.
You are most likely to use those services if you have the following running in your homes, offices, factories, facilities, plants:
UniFi Access Points
This was the email that was sent to customers this week
< — Email Begins — >
We recently became aware of unauthorized access to certain of our information technology systems hosted by a third-party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account.
We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.
As a precaution, we encourage you to change your password. We recommend that you also change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts if you have not already done so.
< — Email Ends — >
The servers stored user profiles information for account.ui.com. It is a cloud service Ubiquiti provides to its customers when they buy the products.
The cloud service also manages the customers devices, its configurations and connection information.
Ubiquiti mentioned the intruder accessed servers which stored information such as names, email addresses, and passwords.
Addresses and phone numbers may have also been exposed, if the users included this information in the service.