Ubiquiti hiccup gave customers sneak peek into others’ view.

December 17, 2023

Ubiquiti, a maker of security and networking equipment, announced that it had resolved a misconfiguration issue that was allowing some customers to view other users’ surveillance feeds and access their accounts. The company stated that the issue was due to a cloud system misconfiguration and said that all accounts were properly associated across its infrastructure as of Thursday evening. The incident raised concerns about a potential security breach, and many customers shared their experiences on platforms such as Reddit. Ubiquiti did not provide specific details about the number of customers affected and continues to investigate the incident.

  • A cloud system misconfiguration allowed some Ubiquiti customers to see the surveillance footage of other users and access their accounts.
  • Ubiquiti confirmed that the problem has been fixed and all accounts are now correctly associated across their infrastructure.
  • Ubiquiti did not disclose the number of customers affected by the misconfiguration and is still investigating the matter.

Ubiquiti customers began to report strange behavior with their notifications on Wednesday, with some receiving alerts from surveillance cameras that did not belong to them. The company’s UniFi Protect application is designed to allow users to manage and configure multiple surveillance cameras, watch live feeds and download footage. However, the misconfiguration made it possible for users to view feeds and access accounts of strangers.

Despite fixing the problem, Ubiquiti has yet to provide specific details about the number of customers affected or the breadth of the data breach, and it continues to investigate the incident. The company said it believes fewer than a dozen customers had unauthorized remote access to their accounts, and it vowed to notify those affected. This comes as Ubiquiti is notifying another set of customers about a compromise of their routers by Russian cyber spies.

Although Ubiquiti maintains that only a small number of users were affected, this situation illustrates the potential risks and vulnerabilities tied to IoT devices and cloud-based services. Cases like these emphasize the need for individuals and businesses to understand the privacy and security implications of using such technologies.
