
Ubiquiti users reported last week that they were seeing other people’s notifications and had access to other people’s devices.

The incident was first reported on Reddit, where a user received a notification from UniFi Protect that included an image from someone else’s security camera. Subsequent reports revealed more severe breaches, with users gaining access to other customers’ site management portals, where they could manage devices and create additional WiFi networks. Ubiquiti revealed that the breach was caused by a misconfiguration during an upgrade to the UniFi cloud infrastructure. Approximately 1,216 accounts were mistakenly associated with another group of 1,177 accounts. As a result, notifications and access belonging to accounts in the first group were sent and given to accounts in the second group. The misconfiguration occurred on December 13 and took around 9 hours to rectify. Ubiquiti believed that only twelve accounts were improperly accessed during that time and said that affected users had been notified via email. The company assures customers that the incident is not reflective of expected behaviour and emphasises ongoing efforts to prevent such breaches in the future.

This segment was created for the It’s 5:05 podcast