Stories
Slash Boxes
Comments

SoylentNews is people

Ubiquiti: Change Your Password, Enable 2FA

posted by Fnord666 on Tuesday January 12 2021, @03:39AM   Printer-friendly
from the ubiquitous-credentials dept.
Security

upstart writes in with an IRC submission:

Ubiquiti: Change Your Password, Enable 2FA:

Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.

In an email sent to customers today, Ubiquiti Inc. said it recently became aware of "unauthorized access to certain of our information technology systems hosted by a third party cloud provider," although it declined to name that provider.

[...] Ubiquiti has not yet responded to requests for more information, but the notice was confirmed as official in a post on the company's user support forum.

Is anyone running Ubiquiti gear and if so, what do you think?

Original Submission

This discussion has been archived. No new comments can be posted.
Ubiquiti: Change Your Password, Enable 2FA | Log In/Create an Account | Top | 6 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 2) by coolgopher on Tuesday January 12 2021, @07:13AM

    by coolgopher (1157) on Tuesday January 12 2021, @07:13AM (#1098782)

    I'm using a couple of Ubiquiti APs for my home network. It's been sooo much more stable than the consumer grade nonsense I had to deal with before that.

    Personally I'm not concerned about this breach since I haven't enabled any of the cloud functionality and thus don't have an account that could've been exposed. Being able to remotely administer my home network seemed like an anti-feature at the get-go...

  • (Score: 0) by Anonymous Coward on Tuesday January 12 2021, @10:34AM (4 children)

    by Anonymous Coward on Tuesday January 12 2021, @10:34AM (#1098808)

    that's an interesting argument

    at least at the moment my phone number can't be used to hijack my identity and isn't a unique identified for me across the internet

    2fa using a mobile phone number is just increase the surface area of attack

    • (Score: -1, Troll) by Anonymous Coward on Tuesday January 12 2021, @06:37PM

      by Anonymous Coward on Tuesday January 12 2021, @06:37PM (#1098974)

      this is what i came to complain about. These slaveware peddling whores want to tell people what to do but probably are too stupid/dirty legged to provide a privacy respecting, secure option. fuck these motherfuckers. If you fund them you deserve what you get.

    • (Score: 1, Informative) by Anonymous Coward on Tuesday January 12 2021, @06:59PM (2 children)

      by Anonymous Coward on Tuesday January 12 2021, @06:59PM (#1098995)

      The website seems to indicate 2FA is implemented as TOTP., e.g. Google authenticator. No need to tell them your phone number.

      • (Score: 0) by Anonymous Coward on Tuesday January 12 2021, @10:10PM (1 child)

        by Anonymous Coward on Tuesday January 12 2021, @10:10PM (#1099109)

        Giving your phone number to Google is a good idea since when?

        • (Score: 1) by Sabriel on Friday January 15 2021, @05:56AM

          by Sabriel (6522) on Friday January 15 2021, @05:56AM (#1100422)

          Using the TOTP ("Time-based One Time Password") protocol to do 2FA means the app itself doesn't need your phone number (even if installing the app involves Google).

          But if you're wanting a non-Google app, another example would be Aegis Authenticator which is available on Github under GPL3 if you don't want to use the Google Play store.

(1)