Ubiquity, the networking and video surveillance camera maker, has successfully resolved a bug that inadvertently allowed some users access to the accounts and private live video streams of other customers. This issue was promptly addressed after reports surfaced on Reddit, indicating that certain customers received push notifications on their phones containing account-related information and private video streams belonging to other customers. Additionally, some individuals mentioned encountering the account data of other customers upon logging into their Ubiquiti account.
Key Takeaway
Ubiquiti has successfully addressed a glitch that allowed some users to access the accounts and private video streams of other customers due to a misconfiguration during a cloud infrastructure upgrade. The incident, although not a criminal act, highlights the significant control Ubiquiti retains over its customers’ devices and data.
Identifying the Problem
Users on the Ubiquiti subreddit shared their experiences, with one individual expressing surprise at being logged into someone else’s account, while another reported having “full access” to numerous consoles that did not belong to them. Ubiquiti, a cloud and technology company specializing in routers, network switches, security, and video surveillance equipment, acknowledged the issue in a subsequent post on its community forum. The company attributed the problem to an upgrade in its cloud infrastructure and assured users that the cause had been identified and addressed.
The Cause and Impact
An unnamed Ubiquiti employee explained that the glitch was a result of a misconfiguration during an upgrade to the company’s cloud infrastructure. The incident involved 1,216 accounts from one group being improperly associated with another group of 1,177 accounts. This mix-up in access lasted for approximately nine hours on December 13. While it seems to have been a misconfiguration rather than a criminal act, the situation serves as a reminder of the extensive access and control Ubiquiti maintains over its customers’ devices and data.
