Ubiquiti, a supplier of networking and surveillance equipment, has recently fixed a bug within its systems that inadvertently allowed some customers to access others’ security camera footage and device information. The issue was identified and fixed on Thursday, with the company blaming a cloud system misconfiguration for the breach. This problem surfaced when a customer posted an account of the issue on Reddit, stating that they had received a notification containing footage from an unfamiliar security camera. Further concerns were raised by other Ubiquiti customers experiencing similar issues. Ubiquiti has said that the issue was instigated the morning of December 13 and has since stated that “all Ubiquiti accounts are now properly associated across our infrastructure”.
- Ubiquiti found that a small number of users were receiving push notifications that seemed to originate from unknown devices or were being granted temporary remote access to accounts and devices that didn’t belong to them.
- The company claimed that these groups of affected users were small and that “less than a dozen” individuals had experienced strangers remotely accessing their accounts.
- Ubiquiti has pledged to contact the affected users and notify them via email. In addition to this, another group of customers are set to be informed that their Ubiquiti routers have been compromised by Russian cyber spies.
- Although Ubiquiti claims that the issue has been resolved following an upgrade to the UniFi Cloud Infrastructure, they also noted that they are still investigating the extent of the problem.
This blunder underlines the critical security issues that can stem from misconfiguration and serves as a reminder to all businesses dealing with customer data to ensure that their systems are appropriately configured and secured.