In January, Ubiquiti sent emails to customers notifying them of a recent security breach, saying certain user information such as names, email addresses, and passwords were potentially accessed. But according to a whistleblower, the company downplayed what was actually a "catastrophic" incident.
KrebsOnSecurity, an influential blog, said that a security professional who helped the company respond to the breach contacted Krebs after raising concerns both internally at the company and with European data protection authorities. The source, who spoke to Krebs on the condition of anonymity, said that Ubiquiti falsely shifted blame for the incident onto a third party in part to "minimize the hit to its stock price."
As of this writing, Ubiquiti has not responded to the allegations. Although we don't yet know the full story, the stock price reaction is understandable.
We're entering a brave new world of technologies that, if used the wrong way, in effect can spy on households. Consumers are only going to buy the brands they trust, and a false step can make or break a company's products.
It is far too early to say exactly what happened with Ubiquiti or what the long-term impact on the business will be, but the whistleblower allegations clearly add to the risks associated with the company, and the stock is reacting to that added risk on Wednesday.