mastrmind11 717 Posted March 30, 2021 Share Posted March 30, 2021 https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/ 1 Link to comment Share on other sites More sharing options...
Luke 37024 Posted March 30, 2021 Share Posted March 30, 2021 Ouch, thanks for sharing. Link to comment Share on other sites More sharing options...
mediacowboy 438 Posted April 19, 2021 Share Posted April 19, 2021 And this is why I perfer to self host as much as I can. Thanks for the link. Link to comment Share on other sites More sharing options...
BAlGaInTl 279 Posted April 19, 2021 Share Posted April 19, 2021 I run Unifi APs and and a USG. I was thinking of upgrading to a UDM Pro, and and now I'm having second thoughts. Is this just a blip, or something to be more concerned about? Link to comment Share on other sites More sharing options...
Spaceboy 2493 Posted April 19, 2021 Share Posted April 19, 2021 as long as you don't use unifi's cloud service (and who in their right mind would use any provider's cloud service of anything for this very reason) there is nothing to be concerned about. everything online can and will get hacked. the only thing you can do it hope that the service that is hacked fronts up about it fully and quickly 1 Link to comment Share on other sites More sharing options...
BAlGaInTl 279 Posted April 19, 2021 Share Posted April 19, 2021 9 minutes ago, Spaceboy said: as long as you don't use unifi's cloud service (and who in their right mind would use any provider's cloud service of anything for this very reason) there is nothing to be concerned about. everything online can and will get hacked. the only thing you can do it hope that the service that is hacked fronts up about it fully and quickly Isn't Ubiquiti pushing to make everyone use that? I'm pretty sure I had mine tied in even though I don't use it. Is tehre a way to back out of that? Link to comment Share on other sites More sharing options...
Spaceboy 2493 Posted April 19, 2021 Share Posted April 19, 2021 4 minutes ago, BAlGaInTl said: Isn't Ubiquiti pushing to make everyone use that? I'm pretty sure I had mine tied in even though I don't use it. Is tehre a way to back out of that? i've never signed up for it. its so you can access your unifi config away from home. if that is really important to you just set up a vpn Link to comment Share on other sites More sharing options...
BAlGaInTl 279 Posted April 19, 2021 Share Posted April 19, 2021 7 minutes ago, Spaceboy said: i've never signed up for it. its so you can access your unifi config away from home. if that is really important to you just set up a vpn I have a VPN setup and use that primarily. I did create a cloud account to test it out, but I've not actively used it. Of course I've changed all my passwords, and have 2-factor enabled. I'm inclined to just severe that connection though. 1 Link to comment Share on other sites More sharing options...
Spaceboy 2493 Posted April 19, 2021 Share Posted April 19, 2021 i would. if you have a VPN its not needed. I'm sure there's some security rule that says don't have things enabled that you don't need Link to comment Share on other sites More sharing options...
rbjtech 4223 Posted April 19, 2021 Share Posted April 19, 2021 The issue was with the new UDM and UDM Pro kit you HAVE to have a cloud account. There has been much kickback on this but Ubiquiti did not change it - I think they may change their minds on this now ... I did purchase a UDM Pro when they were first released, but sent it back for a few reasons but one was I did not want my local network credentials in their cloud... Link to comment Share on other sites More sharing options...
BAlGaInTl 279 Posted April 20, 2021 Share Posted April 20, 2021 1 hour ago, rbjtech said: The issue was with the new UDM and UDM Pro kit you HAVE to have a cloud account. There has been much kickback on this but Ubiquiti did not change it - I think they may change their minds on this now ... I did purchase a UDM Pro when they were first released, but sent it back for a few reasons but one was I did not want my local network credentials in their cloud... I thought I had heard something like that. Disappointing. I'm not sure what my options are. Guess I'll just hold out with the USG for now. Link to comment Share on other sites More sharing options...
rbjtech 4223 Posted April 20, 2021 Share Posted April 20, 2021 (edited) 7 hours ago, BAlGaInTl said: I thought I had heard something like that. Disappointing. I'm not sure what my options are. Guess I'll just hold out with the USG for now. As long as you have changed your ubiquiti password, re-enabled 2FA and disabled any form of remote admin (or use your own VPN) - then you are safe. The core issue, as has been discussed many times for emby/plex, is what happens when the cloud provider is 'offline' - does that mean that you could not login to your own home network equipment ? Edited April 20, 2021 by rbjtech Link to comment Share on other sites More sharing options...
BAlGaInTl 279 Posted April 20, 2021 Share Posted April 20, 2021 3 hours ago, rbjtech said: As long as you have changed your ubiquiti password, re-enabled 2FA and disabled any form of remote admin (or use your own VPN) - then you are safe. The core issue, as has been discussed many times for emby/plex, is what happens when the cloud provider is 'offline' - does that mean that you could not login to your own home network equipment ? I did all that last night. I was reading a bit about the UDM Pro and found mixed information on whether or not you can really use it without the cloud account. Regardless, you still have to have the cloud account for the initial setup. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now