Brian Krebs reports:
On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.
Read more on KrebsonSecurity.com.
Update of March 31, 2022: It appears that the “whistleblower” in Krebs’ report was actually the employee who was responsible for the incident and extortion attempt. In March 2022, Ubiquiti filed a defamation lawsuit against Krebs.