from the sounds of it thats how they gained the access Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass <https://en.wikipedia.org/wiki/LastPass> account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.
On Tue, Mar 30, 2021 at 2:10 PM Mike Hammett <[email protected]> wrote: > I don't know that LastPass really had anything to do with it, other than > that's where someone stored a password. > > > > ----- > Mike Hammett > Intelligent Computing Solutions <http://www.ics-il.com/> > <https://www.facebook.com/ICSIL> > <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> > <https://www.linkedin.com/company/intelligent-computing-solutions> > <https://twitter.com/ICSIL> > Midwest Internet Exchange <http://www.midwest-ix.com/> > <https://www.facebook.com/mdwestix> > <https://www.linkedin.com/company/midwest-internet-exchange> > <https://twitter.com/mdwestix> > The Brothers WISP <http://www.thebrotherswisp.com/> > <https://www.facebook.com/thebrotherswisp> > > > <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> > ------------------------------ > *From: *"Steve Jones" <[email protected]> > *To: *"AnimalFarm Microwave Users Group" <[email protected]> > *Sent: *Tuesday, March 30, 2021 2:06:13 PM > *Subject: *Re: [AFMUG] Ubiquiti played fast and loose with the truth? > > hahaha, lastpass. I like to keep all eggs in a single basket, that way > when i have both hands in the cookie jar, all a guy need to do is walk off > with the basket and make an omelette > > On Tue, Mar 30, 2021 at 1:59 PM Cameron Crum <[email protected]> wrote: > >> We are shocked. SHOCKED I say! >> >> On Tue, Mar 30, 2021 at 1:18 PM Robert Andrews <[email protected]> >> wrote: >> >>> I guess I should have not just put in a link without commenting... >>> >>> So: >>> >>> Why am I surprised? >>> >>> On 03/30/2021 11:15 AM, Robert Andrews wrote: >>> > >>> https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/ >>> > >>> > >>> >>> -- >>> AF mailing list >>> [email protected] >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>> >> -- >> AF mailing list >> [email protected] >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> > > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
