While most of us make do with “normal” consumer networking hardware — like Netgear or ASUS-branded Wi-Fi access points or a modem-integrated router — others have more serious requirements. For them, Ubiquiti’s nearly enterprise-grade prosumer hardware usually fits the bill. But unfortunately for Ubiquiti users, the company has just revealed it has suffered a security breach. While there’s no indication of “unauthorized activity,” the company is still telling customers it might be a good idea to change their passwords.
That’s not because they were stored in plain text or anything like that, merely because login credentials, including encrypted, passwords could have been accessed, and it’s better to be safe than sorry if that information can ever be decrypted later. If you used the same password anywhere else, either, you might want to change it there, too.
Other affected data may also include names, email addresses, physical addresses, and phone numbers. Customers are being notified via email, but details are also available at Ubiquiti’s forums. The vector of the breach was a third-party cloud provider used by Ubiquiti.
Customers are also being urged to turn on two-factor authentication if they haven’t, as that offers another hurdle to clear even if a username and password are leaked.