- On January 11, the networking equipment and Internet of Things (IoT) devices provider began sending out emails to customers informing them of a recent security breach.
- Several months later, however, a source who “participated” in the response to the security breach told security expert Brian Krebs that the incident was far worse than it seemed and could be described as “catastrophic.”
- In a letter penned to European regulators, the whistleblower wrote:
- “It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers. The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.”
- The source also told Krebs that in late December, Ubiquiti IT staff found a backdoor planted by the threat actors, which was removed in the first week of January. A second backdoor was also allegedly discovered, leading to employee credentials being rotated before the public was made aware of the breach.
- The cyberattackers contacted Ubiquiti and attempted to extort 50 Bitcoin (BTC) — roughly $3 million — in return for silence. However, the vendor did not engage with them.
– Charlie Osborne | March 31, 2021
