Account notification
-
Today, I received an email from Ubiquiti about unauthorized access to a 3rd party server. Does that affect this forum?
tnx jk
-
@jknott I received the same message. No, that has nothing to do with Netgate in any way.
Not surprising that Ubuiquiti has been flying fast and loose with their security. They are well on their way to becoming a dumpster fire of a company.
-
Either of you mind posting this email? I looked and didn't see anything like what you guys are describing..
You got my curiosity cat meowing at me ;)
-
Dear Customer,
We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account.
We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.
As a precaution, we encourage you to change your password. We recommend that you also change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts if you have not already done so.
Change Password
Enable Two-Factor AuthenticationWe apologize for, and deeply regret, any inconvenience this may cause you. We take the security of your information very seriously and appreciate your continued trust.
Thank you,
Ubiquiti Team -
@nogbadthebad said in Account notification:
We recently became aware of unauthorized access
Curious why I didn't get that - I for sure have unifi account.. Even looked in spam folder.. Maybe I just haven't got it yet.. Prob sending out thousands and thousands of accounts..
Thanks!
-
@johnpoz The only account I have with them is the forum.
-
I found this
https://community.ui.com/questions/possibly-breach/55bc757a-9caf-4889-a2c4-9ad5d8af75ce?page=1
And someone from unifi did chime in that thread
"Thank you for reaching out with this concern. This was an authentic email from Ubiquiti."Yeah I have forum account with them as well..
They are getting a lot of flack in the thread ;)
edit: Just got the email...
-
There is also this article.
-
I enabled 2fa in my account..
My controller was already with remote access disabled.And the ui password can be hacked, only using it there..
I have a policy to use a different password to each site, learned the hard way, unfortunately.. -
Brought forward my plans to replace my Unifi AP's. Took a minute to get things configured overnight but I'm back up and running with Ruckus R710's (used, they're expensive new). Will take some time to tune the radio's for optimal roaming and coverage.
Given the relatively low cost of the 3 AP's and the Cloud Key I think I'll recycle them (sledgehammer) instead of selling them off.
F Ubiquiti!
-
And the next surprise with CloudKey Gen2 and firmware 2.x you need internet and a UI account to configure it. After setting this up, you can not remove the UI owner account.
Wish me a Netgate AP with controller in pfSense
-
IJS.....
-
@stephenw10
did you use a software like unifi controller to manage multiple APs with OpenWrt? -
I don't personally. I just have that one access point so running the controller became tedious pretty quickly. I believe there are multi-access point management systems available for OpenWRT though. There have been several commercial vendors offering it. Not sure any are still going though.
Steve
-
@stephenw10 I now have two nanoHD's doing nothing. I noticed that there is an OpenWRT package for those. Looks very recent and maybe beta. Not sure, didn't spend a lot of time digging. Anyone have any knowledge about the nanoHD and OpenWRT? With the Unifi FW the performance was terrible under load, so maybe not even worth the effort?
Thanks!