Networking device maker Ubiquiti confirmed that it was the target of an extortion attempt following a January security breach that was revealed by a whistleblower last week.
The company did not confirm the whistleblower’s claims that user data was accessed during the incident or that any Ubiquiti source code was stolen.
The incident response experts who were investigating the breach could not find any evidence of customer information being targeted during the breach.
Ubiquiti stated that the attacker, who unsuccessfully attempted to extort the company by threatening to release stolen source code and specific IT credentials, never claimed to have accessed any customer information.
The company is cooperating with law enforcement in an ongoing investigation of the incident, which has revealed that the attacker has intricate knowledge of Ubiquiti’s cloud infrastructure.
As a precautionary measure, the networking device maker advises customers to reset passwords and enable two-factor authentication on their accounts.
After the January security incident, Ubiquiti told its customers that the attacker compromised systems hosted at a third-party cloud provider with no indication that users’ accounts were affected in any way.
However, this week, a whistleblower involved in the breach response stated that the incident’s actual impact was massive.
Ubiquiti allegedly discovered the incident in December 2020, after the hacker had already gained admin-level access to the company’s AWS accounts and databases stored on AWS.
After the backdoor used by the attacker was removed in January, the hacker tried to extort Ubiquiti by saying that they had already stolen the company’s source code and asking it to pay 50 bitcoins not to reveal the breach.
Ubiquiti did not have a logging system set up, which meant that it could not check what data or systems the attacker accessed.
The company did not make the ransom payment and instead found and removed a second backdoor from its systems, changed all employee credentials, and issued the January 11 security breach notification.
As of now, Ubiquiti has only confirmed the hacker’s extortion attempt. It is not yet confirmed whether the source code was stolen or whether customers’ information was accessed.