Ubiquiti / UniFi Data Breach January 2021
- Moogle Stiltzkin
- Guru
- Posts: 11448
- Joined: Thu Dec 04, 2008 12:21 am
- Location: Around the world....
- Contact:
Ubiquiti / UniFi Data Breach January 2021
https://www.youtube.com/watch?v=TezMyECFE4k
viewtopic.php?f=320&t=139875
hm i don't use unifi equipment, but in case this affects you, best find out more.
viewtopic.php?f=320&t=139875
hm i don't use unifi equipment, but in case this affects you, best find out more.
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
- Toxic17
- Ask me anything
- Posts: 6477
- Joined: Tue Jan 25, 2011 11:41 pm
- Location: Planet Earth
- Contact:
Re: Ubiquiti / UniFi Data Breach January 2021
if you failed to get the notification then you can see official (limited) response here: https://community.ui.com/questions/Acco ... cdbf6906f3
Regards Simon
Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following
NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following
NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
-
- Experience counts
- Posts: 1374
- Joined: Mon Nov 21, 2016 12:55 am
- Location: Orlando, FL.
- Contact:
Re: Ubiquiti / UniFi Data Breach January 2021
I use UniFi equipment -
I am going to do nothing about it. Am I stupid ? Probably - let's see what happens. QSnatch never affected any of my clients (and I was totally panic stricken when that happened around December 2019).
Bob Zelin
I am going to do nothing about it. Am I stupid ? Probably - let's see what happens. QSnatch never affected any of my clients (and I was totally panic stricken when that happened around December 2019).
Bob Zelin
Bob Zelin / Rescue 1, Inc.
http://www.bobzelin.com
http://www.bobzelin.com
- moody_blue
- Easy as a breeze
- Posts: 266
- Joined: Tue Jan 10, 2017 9:23 am
Re: Ubiquiti / UniFi Data Breach January 2021
Let's not be dramatic. Any organization (including this forum) can be penetrated and userid's (and sometimes passwords) exposed. I've received the warning e-mail, changed my Unifi PW, and that's it. I do not share passwords among my dozens of accounts, and my passwords are randomly generated with 16+ non-trivial characters. I value organizations that alert me that it's time to change my PW's (idealy PW's should be changed every 3 months unless a breach is discovered, which forces an unplanned pw change).
QNAP TS-253A 8G QTS 5.0.1.2145
Plex Media Server 1.29.0.6209
OpenHAB 3.4.0.M2
Unifi 7.2.92
Apache80 2454.8230
GLPI 10.0.3
Plex Media Server 1.29.0.6209
OpenHAB 3.4.0.M2
Unifi 7.2.92
Apache80 2454.8230
GLPI 10.0.3
- Moogle Stiltzkin
- Guru
- Posts: 11448
- Joined: Thu Dec 04, 2008 12:21 am
- Location: Around the world....
- Contact:
Re: Ubiquiti / UniFi Data Breach January 2021
https://www.youtube.com/watch?v=EhC_JgXjoBg
seems the latest update by a whistle blower was that the breach was more serious than initially thought.
if you don't use ubiquiti, or you don't think this is a concern to you, feel free to ignore. but for everyone else, watch the video for what to do. namely change your ubiquiti password if you hadn't yet, and possibly enable 2factor authentication (ideally). And if possible use a local account for ubiquiti (i did this from day 1 since i'm not a fan of the cloud ), and once you confirmed your admin account for your ubiquiti device is enabled, procede to then disable remote access.
at this point you should be done.
seems the latest update by a whistle blower was that the breach was more serious than initially thought.
if you don't use ubiquiti, or you don't think this is a concern to you, feel free to ignore. but for everyone else, watch the video for what to do. namely change your ubiquiti password if you hadn't yet, and possibly enable 2factor authentication (ideally). And if possible use a local account for ubiquiti (i did this from day 1 since i'm not a fan of the cloud ), and once you confirmed your admin account for your ubiquiti device is enabled, procede to then disable remote access.
at this point you should be done.
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
-
- Getting the hang of things
- Posts: 89
- Joined: Sat Jan 30, 2016 8:46 pm
Re: Ubiquiti / UniFi Data Breach January 2021
Thanks Moogle, I am a Unifi user and to be honest, I always use 2FA on these types of account. I find it shocking how companies can get away with this blatant security breach and then get a 'slap on the wrist'. Case in point is the facebook 500 Million account breach. Anyway, I digress, but think we all have to use complex passwords and 2FA. This really doesnt help the older generations who struggle with basic passwords, never mind 2FA etc. Last rant. Any Corp company that suffers security breaches where our personal information is leaked should suffer a financial penalty and pay the people who suffer, after all, its us that have to then go and change all our passwords !!! [/rant over]
- Moogle Stiltzkin
- Guru
- Posts: 11448
- Joined: Thu Dec 04, 2008 12:21 am
- Location: Around the world....
- Contact:
Re: Ubiquiti / UniFi Data Breach January 2021
but the breach was on ubiquiti's side. even though they claim it was a third party, the server security was supposed to be managed by themselves so...
if your password is stored on their server, maybe password could potentially leak. so it wouldn't matter how strong your password is, if it's readable. thats why after most breaches you need to change your password regardless.
this is why i don't like cloud. i do my unifi using local account, and it works just fine
for password management i recommend using a password manager (that is not cloud based). My recommendation is keepass because it's free, good and open source
https://keepass.info/
this site also helps somewhat (it's not perfect but it's better than nothing) to alert you if your registered email was detected as being breached. sites that get breached don't always inform the user about it or ask you to change your password, unfortunately, hence why we need haveibeenpwned
https://haveibeenpwned.com
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
-
- Getting the hang of things
- Posts: 89
- Joined: Sat Jan 30, 2016 8:46 pm
Re: Ubiquiti / UniFi Data Breach January 2021
yeah, I am aware of the pwned site. I use 1Password myself, been using it for years. Like you, I prefer local login anyways. Some systems needs to be accessed by the cloud, so I enable the 2fa as that added layer of security.
- Toxic17
- Ask me anything
- Posts: 6477
- Joined: Tue Jan 25, 2011 11:41 pm
- Location: Planet Earth
- Contact:
Re: Ubiquiti / UniFi Data Breach January 2021
Google chrome also allows you to check for username/password issues/leak throughout the net in the security check feature. I also use a Google Titan key for my Google accounts for 2FAMoogle Stiltzkin wrote: ↑Wed Apr 07, 2021 7:40 pm this site also helps somewhat (it's not perfect but it's better than nothing) to alert you if your registered email was detected as being breached. sites that get breached don't always inform the user about it or ask you to change your password, unfortunately, hence why we need haveibeenpwned
https://haveibeenpwned.com
You do not have the required permissions to view the files attached to this post.
Regards Simon
Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following
NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following
NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
- Moogle Stiltzkin
- Guru
- Posts: 11448
- Joined: Thu Dec 04, 2008 12:21 am
- Location: Around the world....
- Contact:
Re: Ubiquiti / UniFi Data Breach January 2021
https://www.zdnet.com/article/new-side- ... rity-keys/
https://www.securityweek.com/researcher ... -be-cloned
The obtained encryption key can allow an attacker to clone the device and use it to log in to the targeted user’s account, assuming that they have also obtained the account username and password.
However, the researchers pointed out that an attack is not easy to conduct. First of all, the attacker would need to obtain the victim’s security key for several hours without raising suspicion — the victim could change the password or take other steps to secure their account if they notice that their security key is missing and they suspect that an attack on their account is imminent.
The attacker then needs to open the Titan Security Key casing without damaging the chip, perform the EM radiation analysis (which takes several hours), and create a clone of the security key. The researchers also highlighted that the equipment needed to conduct the analysis costs roughly €10,000 ($12,000), and the attacker would also need to have the technical skills to develop custom software and conduct an attack.
“Thus it is still clearly far safer to use your Google Titan Security Key (or other impacted products) as FIDO U2F two-factor authentication token to sign in to applications like your Google account rather than not using one,” the researchers explained in their paper. “Nevertheless, this work shows that the Google Titan Security Key (or other impacted products) would not avoid unnoticed security breach by attackers willing to put enough effort into it. Users that face such a threat should probably switch to other FIDO U2F hardware security keys, where no vulnerability has yet been discovered.”
i do like titankey yubikey. it's not perfect like the links pointed out, but as long as you don't leave it out where people can get to it, should be fine but these types of devices you may want to have a backup of it locked in a safe. just in case the 1st one dies or gets lost for some reasonATTACK REQUIRES PHYSICAL ACCESS
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
- Toxic17
- Ask me anything
- Posts: 6477
- Joined: Tue Jan 25, 2011 11:41 pm
- Location: Planet Earth
- Contact:
Re: Ubiquiti / UniFi Data Breach January 2021
without password and usernames the hacker may as well get a life.Moogle Stiltzkin wrote: ↑Thu Apr 08, 2021 3:32 am i do like titankey yubikey. it's not perfect like the links pointed out, but as long as you don't leave it out where people can get to it, should be fine but these types of devices you may want to have a backup of it locked in a safe. just in case the 1st one dies or gets lost for some reason
Regards Simon
Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following
NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following
NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55