Ubiquiti, a maker of surveillance and networking gear, has admitted that a software bug in its system allowed some of its customers to access other users’ security camera footage and accounts. The company blamed a cloud system misconfiguration for the privacy breach but maintained that the issue has since been fixed and all Ubiquiti accounts are now accurately linked across its infrastructure.
- The system error allowed some users to view and receive notifications from other users’ security cameras, raising concerns about potential security breaches.
- Ubiquiti confirmed the issue began on the morning of December 13 but claimed that it only affected a “small number of users.”
- While the company believes that “less than a dozen” people were granted temporary remote access to other users’ accounts, it is still investigating the scope of the issue.
The bug was first brought to light by a customer who noticed unusual behavior and shared the experience on Reddit, stating that they received a notification from Ubiquiti’s UniFi Protect app that included an image from a camera that did not belong to them. The UniFi Protect app is meant to allow users to manage multiple security cameras, watch live feeds, configure their equipment, and download footage. However, it is meant to restrict access to devices belonging to the specific user. The incident raised concerns about a possible security breach or internal sabotage from a disgruntled developer.
Ubiquiti’s incident is a serious concern in light of privacy expectations and norms around cloud-based services. While the company has assured that the system misconfiguration has been corrected, the full impact of this privacy breach is yet to be determined.