In a recent development, users of Ubiquiti devices have encountered a concerning issue wish the company’s UniFi cloud services. Customers reported instances where they were able to see other people’s devices and notifications through the UniFi platform, raising significant privacy and security concerns.
The first report of these issues emerged when a customer received a notification from UniFi Protect, including an image from a security camera that did not belong to them. Subsequently, another customer discovered that they had access to more than 50 devices from another customer’s account when they logged into the UniFi Site Manager portal.
Alarmed by these incidents, affected customers took to platforms such as Reddit and Ubiquiti’s forums to share their experiences. When contacted for a statement, Ubiquiti acknowledged the problem and stated that they are actively gathering information to understand the root cause. Employees have been reaching out to impacted customers to gather more details and address the issue promptly.
Upon further investigation, Ubiquiti revealed that the access to other customers’ devices was caused by a misconfiguration in an upgrade to the UniFi cloud infrastructure. This misconfiguration allowed certain accounts to receive notifications and access devices that belonged to other customers. Ubiquiti has since fixed the issue and is working to notify the twelve accounts that were improperly accessed.
As the company continues to investigate the incident, affected customers are awaiting further communication from Ubiquiti regarding the steps being taken to prevent such occurrences in the future.
This incident serves as a reminder of the critical importance of robust security measures within cloud-based platforms and the potential risks associated with misconfigurations. Ubiquiti customers are advised to remain vigilant and implement any recommended security updates from the company to mitigate potential vulnerabilities.
