Ubiquiti, the networking and video surveillance camera maker, has fixed a bug that users say mistakenly allowed them access to the accounts and private live video streams of other customers.
Reports first emerged on Reddit that some customers received push notifications on their phones featuring Ubiquiti account-related information and private video streams belonging to other customers. Another person said they logged into their Ubiquiti account but were presented with the account data of another customer.
“I logged in and I seem to be someone else,” said one person on the Ubiquiti subreddit. Another said they had “full access” to dozens of consoles that were not their own.
Ubiquiti is a cloud and technology company that makes routers, network switches, security and video surveillance gear, which can be remotely controlled and operated through its centralized cloud offering.
In a subsequent post on its community forum, Ubiquiti said it has “identified — and addressed — the cause of this problem,” which the company said was caused by an upgrade to its cloud infrastructure.
“We were made aware of a small number of instances where users received push notifications on their mobile devices that appeared to come from unknown consoles, or where such users were able to access consoles that didn’t appear to be their own,” wrote an unnamed Ubiquiti employee.
The company said 1,216 accounts from one group were improperly associated with another group of 1,177 accounts, and that the mixed access lasted for about nine hours on December 13.
While this appears to be a misconfiguration rather than a criminal incident — and mistakes happen — it’s a reminder that Ubiquiti still retains vast access and control over its customers’ devices and data.