I still recommend Ubiquiti products and their UniFi line in particular, but I think it’s important for me to address a problem that’s been in the news lately.
Ubiquiti had a security breach in December, which they announced in early January. At the time they downplayed the seriousness of the breach. Having been a long-time technical support manager and executive, I wasn’t very impressed with their announcement, honestly, and also could read between the lines that they weren’t being completely transparent. So I did the necessary things to protect myself and my clients, changing passwords and resetting 2FA keys.
Just last week a whistleblower told a very respected security researcher that the breach was much more serious than originally portrayed. And now we know that what I did back in January was the right move: change passwords and reset 2FA keys.
One thing that makes me feel a little better about all this is that apparently it was an inside job. It’s come out that this was a former employee or contractor who was trying to extort the company. So this makes me a little less worried that there was an actual security flaw that was exploited and also a little less worried that the target was customers’ networks.
Lastly, all of this only effects remote access to networks through Ubiquiti’s own single sign-on system. I do use this system for most of my clients, but I’m assessing alternative methods for remote management and access, both for myself and for clients.
Darius Dunlap
Purissima Technologies
Half Moon Bay, CA