Ubiquiti, the company I bought networking gear from because I wanted Wi-Fi that is completely under my control, now tells me that something could happen that was not under my control: my basic account information. According to an email it is sending to users today, an “unauthorized user” had access to a “third party cloud provider”, and this provider may have some data.
Although the company says it has found no evidence that our user data has been accessed, it also “cannot be sure that user data has not been disclosed.” Potentially endangered statistics will be known when you have previously received this type of email: name, email, phone number, address, and (encrypted, hopefully literate) passwords. You will now want to change your password.
It doesn’t sound like a serious violation, but it’s disturbing news to hear from a company that prides itself on controlling consumers. If I wanted my data on someone else’s server, I might have picked up a router that did me some good, such as plug-and-play setup. It seems difficult to keep user information out of the database.
The full email text, which can also be viewed on the Ubiquiti forums, is below:
We have recently become aware of unauthorized access to some of our information technology systems under the auspices of a third party cloud provider. We have no indication that unauthorized activity has occurred in connection with a user’s account.
We are not currently aware of any evidence of access to a database that hosts user data, but we cannot be sure that user data has not been disclosed. This data may include your name, email address, and unilaterally encrypted passwords in your account (in technical terms, passwords are hashed and salted). The data may include your address and phone number if you provide it to us.
As a precaution, we encourage you to change your password. We also suggest that you change your password on a website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubicity accounts if you haven’t already.
We apologize for the inconvenience, and deeply sorry for the inconvenience. We take the security of your information very seriously and appreciate your continued trust.