Ubiquiti should really stop making cloud logins mandatory. The latest stuff (UDM/UDM Pro, Cloud Key G2) must be connected to their cloud at installation time. Remote access can be turned off but an admin account connected to their cloud remains.
Without those ties to their infrastructure, this breach would not be as severe. It would just cause an attacker to see what I've bought from them, nothing else.
I'm glad I can still use the unifi controller in docker without any ties to UI.com however their later stuff like Unifi protect, access, talk etc no longer works with that.
I worked there and I didn't even understand why we had to force cloud logins on Dream Machine. In the early days we were all about letting people run their own controller hardware and not requiring cloud logins. No one could ever tell us why we had to force everyone to the cloud. It was a mandate from above
Without those ties to their infrastructure, this breach would not be as severe. It would just cause an attacker to see what I've bought from them, nothing else.
I'm glad I can still use the unifi controller in docker without any ties to UI.com however their later stuff like Unifi protect, access, talk etc no longer works with that.