If you are a Ubiquiti customer, you most likely received an email communication from Ubiquiti stating they have become aware of unauthorized access to certain information found in their systems. This is yet another breach in a long list of breaches that are seemingly happening regularly across many organizations. Let’s look at Ubiquiti Breach – How to Change Your password and enable 2FA. We will look at the details of the breach and see how you can change your password and enable two-factor authentication on your Ubiquiti account.
Details on the Ubiquiti breach
As mentioned, if you are a Ubiquiti customer, you most likely received an email communication regarding the breach that states the following:
We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account.
We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.
As a precaution, we encourage you to change your password. We recommend that you also change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts if you have not already done so.
We apologize for, and deeply regret, any inconvenience this may cause you. We take the security of your information very seriously and appreciate your continued trust.
What is unclear here is which information technology systems hosted that were breached. However, according to Ubiquiti, at the moment, no indication that there has been unauthorized activity with respect to any user’s account. However, if you are like me, as a Ubiquiti customer, you have to wonder if no account data was exposed.
It seems like with breaches that happen across the landscape of different organizations, initial statements may indicate no customer data was exposed, however, later, we find that customer data has been exposed. It will be interesting to see how this story unfolds and if any additional data is found to have been exposed with the breach.
Ubiquiti Breach – How to Change Your password and enable 2FA
The email that was sent out to Ubiquiti customers contains direct links to change your password as well as enable two-factor authentication. Let’s take a look and see how this can easily be done.
Following the change password or Enable two-factor authentication link will take you to login to your Ubiquiti account to the Security tab. Here you can change your password and enable two-factor authentication. You can also set a session timeout period.
Clicking the change password button will launch the dialog box to enter your old password and then choose and confirm a new Ubiquiti password.
Enable two-factor authentication will show the QR code for enrolling your account in 2FA in Google Authenticator or another 2FA app like Duo, etc.
Verify your new Ubiquiti account password and make sure you are prompted for a 2FA code during login.
The importance of securing online accounts
This latest in a long line of publicly known breaches helps to continue to underscore the importance of using strong passwords and enabling two-factor authentication. As more services and solutions integrate with the cloud, securing these properly with strong credentials is a good step towards ensuring your account is not compromised.
With multi-factor authentication turned on such as 2FA, even if an attacker has your password, they still do not have all the information needed to login into your account. This will help to bolster the overall security of your account logins.
Time will tell to see if this story unfolds a bit more with the Ubiquiti breach. At this time, it seems like customer data was not breached. However, we have seen in the past as details unfold with a breach, the scope often widens as more information is made available. Hopefully, this information on Ubiquiti Breach – How to Change Your password and enable 2FA will show how you can quickly close up any holes due to the breach of information.