I wish I was a crime podcast host right now — it’d be my favorite way to tell this tantalizing story about a tech worker hacking his own company, demanding a ransom, and later turning into a ‘whistleblower’ to cover his tracks.
According to a document published by a New York district court, Nikolas Sharp, a former employee of network device maker Ubiquiti, hacked the company’s system and demanded a $2 million ransom. This is just the tip of the iceberg of the story, so let’s unpack what happened.
Sharp was a cloud lead at Ubiquiti Networks from August 2018 to March 2021, according to his LinkedIn profile. Prior to this, he worked at companies like Amazon and Nike.
In January, the company, sent an email to its customers saying that a hacker had gained access to its systems hosted on third-party services —such as AWS — and some customer data including names, email IDs, addresses, and phone numbers may have been exposed. The company, which makes Wi-Fi mesh gears access points primarily for enterprise customers, said it wasn’t aware of any malicious activity on any user’s account.
You can read the full email in the tweet below:
Ubiquiti was breached. Notification emails went out to customers just now. Change your password on your Ubiquiti account pic.twitter.com/pm1ebVbPfS
— Milton Security (@MiltonSecurity) January 11, 2021
At the time of this disclosure, the company wasn’t aware of the hacker’s identity....
A British science journalist-turned-attorney who initiated a lawsuit that saw a Harvard University-affiliated cancer centre pay $15 million (11 million) to settle claims of alleged data misreprese...