I still recommend Ubiquiti products and their UniFi line in particular, but I think it’s important for me to address a problem that’s been in the news lately.
Ubiquiti had a security breach in December, which they announced in early January. At the time they downplayed the seriousness of the breach. Having been a long-time technical support manager and executive, I wasn’t very impressed with their announcement, honestly, and also could read between the lines that they weren’t being completely transparent. So I did the necessary things to protect myself and my clients, changing passwords and resetting 2FA keys.
Just last week a whistleblower told a very respected security researcher that the breach was much more serious than originally portrayed. And now we know that what I did back in January was the right move: change passwords and reset 2FA keys.
One thing that makes me feel a little better about all this is that apparently it was an inside job. It’s come out that this was a former employee or contractor who was trying to extort the company. So this makes me a little less worried that there was an actual security flaw that was exploited and also a little less worried that the target was customers’ networks.
Lastly, all of this only effects remote access to networks through Ubiquiti’s own single sign-on system. I do use this system for most of my clients, but I’m assessing alternative methods for remote management and access, both for myself and for clients.
Half Moon Bay, CA