Comment on Ubiquiti breach from Thycotic
January 2021 by Joseph Carson, Chief Security Scientist at Thycotic
Following the news that Ubiquiti has fallen victim to a data breach, please see below for comment from Joseph Carson, Chief Security Scientist at Thycotic:

“Passwords again are at the forefront of the latest unauthorized access at network equipment provider Ubiquiti Networks, which has been a popular solution in recent years with its unified solutions bringing together network access, Wi-Fi, switching, camera, phone and door security into a single platform. The latest data breach and unauthorized access has led Ubiquiti to advise its customers to rotate passwords, including any other internet services where the same passwords have been used - a common poor practice that results in data breaches escalating further.
The response has been mixed as the notification did not provide much detail on what a good password is or using a password management solution to help increase the security of such privileged access. The scary thought is whether or not this unauthorized access has allowed attackers access to customers’ networks, including security camera footage.
Companies such as Ubiquiti that focus on access and security should demand multi-factor authentication by default and integrate into password management security solutions, as this breach shows the importance of not letting a password be your only security control.”