Ubiquiti, a leading networking and video surveillance camera manufacturer, has successfully resolved a bug that inadvertently allowed users access to other customers’ accounts and private live video streams.
Reddit became the unexpected stage for a tech drama this week when user reports surfaced describing push notifications containing Ubiquiti account-related information and private video streams of fellow customers.
“I logged in, and I seem to be someone else,” shared one Reddit user, while another reported having “full access” to numerous consoles that weren’t their own.
Ubiquiti, a renowned cloud and technology company specializing in routers, network switches, and security and video surveillance gear, acknowledged the issue in a subsequent community forum post. The company attributed the problem to an upgrade in its cloud infrastructure.
“We were made aware of a small number of instances where users received push notifications on their mobile devices that appeared to come from unknown consoles, or where such users could access consoles that didn’t appear to be their own,” explained an unnamed Ubiquiti employee.
According to Ubiquiti, 1,216 accounts from one group were improperly associated with another group of 1,177 accounts. This misconfiguration persisted for about nine hours on December 13, 2023.
While characterized as a misconfiguration rather than a criminal incident, it serves as a reminder of the substantial access and control Ubiquiti retains over its customers’ devices and data. Ubiquiti swiftly identified and addressed the problem, showcasing the importance of proactive measures and transparent communication.
In an era where technology companies play a pivotal role in managing user information, incidents like these highlight the shared responsibility between companies and users to prioritize cybersecurity.