Networking vendor Ubiquiti has written to its customers to advise them of a possible leak of their personal information.
“We recently became aware of unauthorized access to certain of our information technology systems hosted by a third-party cloud provider,” the email opens, before adding: “We have no indication that there has been unauthorized activity with respect to any user’s account.”
But the mail, seen by The Reg and sent out within the past few hours, also says Ubiquiti “cannot be certain that user data has not been exposed,” and admits that if the unauthorized actors did get in, they’ll have been able to access users’ “name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted).”
Customers who stored their physical address and phone number in their account were advised that data may also have been accessed.
“As a precaution, we encourage you to change your password,” the mail states, adding that two-factor authentication is a very fine idea that customers should enable ASAP on their online accounts if it’s not already employed. A warning about password re-use across multiple sites is also offered.
Maybe now these guys will start taking security seriously. The last I looked you could get to the admin password just by telnetting into the boxes password free.