Ubiquity, the renowned producer of networking and video surveillance cameras, has successfully resolved a glitch that unintentionally granted users entrance into the accounts and private live video feeds of fellow customers.
“I logged in and I seem to be someone else,” said one person on the Ubiquiti subreddit. Another said they had “full access” to dozens of consoles that were not their own.
According to initial reports on Reddit, certain individuals received push notifications on their mobile devices containing confidential account information and personal video streams belonging to other users. Furthermore, some users logged into their Ubiquiti accounts only to discover the account details of a different customer presented to them.
Ubiquiti is a company that specializes in cloud technology and produces a vast range of products, spanning from routers and network switches to security and video surveillance equipment. Its centralized cloud service allows users to remotely maneuver and operate these products.
The company elaborated on the issue in a subsequent post on its community forum, stating that the cause of the problem has been “identified and addressed”. According to an anonymous Ubiquiti employee, the root of the issue can be attributed to an upgrade in their cloud infrastructure.
They explained, “We were made aware of a small number of instances where users received push notifications on their mobile devices that appeared to come from unknown consoles, or where such users were able to access consoles that didn’t appear to be their own.”
Ubiquiti reported that 1,216 accounts from one group were incorrectly associated with another group of 1,177 accounts. The unauthorized access was active for a duration of nine hours on December 13.
Although this incident seems to be a technical error rather than a malicious attack, it serves as a reminder that Ubiquiti maintains significant access and control over the devices and data of its customers.