Ubiquiti, the company from which I bought network devices because I wanted Wi-Fi that is completely under my control, now tells me that there may not have been under my control: my basic account information. According to an email sent to users today, a “third party cloud provider” was obtained by an unauthorized user, and the provider may have some of our data.
Although the company says that there is no evidence that access to our user data has been obtained, it can also not be certain that user data has not been exposed. The potential data at risk is known if you have previously received such an email: names, emails, phone numbers, addresses and (encrypted, hopefully unreadable) passwords. You will want to change your password now.
It does not sound like a serious offense, but it is annoying news to hear from a company that prides itself on giving users control. If I wanted my data on someone else’s server, I would have chosen a router that gave me an advantage over it, such as plug-and-play setup. The database of customer information seems to be getting away with difficulty.
The full email text, which can also be seen on the Ubiquiti forums, is below:
We have recently become aware of unauthorized access to some of our information technology systems offered by a third-party cloud provider. We have no indication that any unauthorized activity has taken place in connection with any user’s account.
We are not currently aware of evidence of access to databases that house user data, but we can not be sure that user data has not been exposed. This data can include your name, email address and the one-way encrypted password for your account (in technical terms the passwords are hashed and salted). The data may also include your address and telephone number if you have provided it to us.
As a precaution, we encourage you to change your password. We also recommend that you change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts if you have not already done so.
We apologize for the inconvenience this may cause you. We take the security of your information very seriously and appreciate your continued trust.
Thank you,
Ubiquiti-span