Ubiquiti $4bn VPN Breach Scandal Exposed
You should use a VPN that provides a “kill switch” Using a VPN without a kill switch is a bad idea.
Recently, a brief VPN outage led to the arrest of a former Ubiquiti developer. This developer, Nickolas Sharp, has reportedly been charged with stealing data and trying to extort his employer Ubiquiti while pretending to be a whistleblower at the same time.
According to the indictment, after securing a job at another company, Sharp allegedly used his still functional privileged access to Ubiquiti’s systems at Amazon’s AWS cloud service to download large amounts of proprietary data.
During the holidays we are seeing more and more attacks but we do not expect those to come from within. To cover his tracks, Sharp had used a VPN connection to mask his real IP address. He then sent a ransom note to Ubiquiti using the same cover, demanding 25 bitcoin in exchange for a promise not to share the data.
January 2021 the Internet of Things (IoT) specialist Ubiquiti disclosed a network breach. The scope of which of the breach was questioned by an anonymous whistleblower a couple of months later. However, according to KrebsOnSecurity, it has now emerged that both incidents were the handiwork of the same individual, Nickolas Sharp, a senior developer at Ubiquiti, who has been charged for the crimes.