They put all of their users eggs in one basket in the cloud. That makes for a very interesting target.
They could have not done that. The users were probably unaware that their data was even placed on the cloud servers of some third party.
Ubiquiti used to be cool. They've taken a nose dive in recent years in several ways: Firmware upgrade suddenly including telemetry by default, forcing people to use their NVR appliance instead of installing their software on their private servers, etc.
Had Ubiquiti not moved people to "cloud solutions" an attacker would have to attack millions of peoples equipment. Now he only had to attack one providers network.
I'm thinking of "Unifi Video" that is going out (EOL announced six months ago), where you could either buy their appliance OR download an official .deb package and install the NVR software on your own server.
They replace that with "Unifi Protect" that comes ONLY as an NVR appliance. No more .deb packages. It also requires you to buy one of their other products (Cloud Key 2), IIRC.
They could have not done that. The users were probably unaware that their data was even placed on the cloud servers of some third party.
Ubiquiti used to be cool. They've taken a nose dive in recent years in several ways: Firmware upgrade suddenly including telemetry by default, forcing people to use their NVR appliance instead of installing their software on their private servers, etc.
Had Ubiquiti not moved people to "cloud solutions" an attacker would have to attack millions of peoples equipment. Now he only had to attack one providers network.