
This article was published on December 2, 2021

The curious case of the Ubiquiti employee-whistleblower-hacker

Full stack cybercriminal: Employee, hacker, whistleblower, extortionist

Story by Ivan Mehta

Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That's one heck of a mixed bag. He likes to say "Bleh."

I wish I was a crime podcast host right now — it’d be my favorite way to tell this tantalizing story about a tech worker hacking his own company, demanding a ransom, and later turning into a ‘whistleblower’ to cover his tracks.

According to a document published by a New York district court, Nikolas Sharp, a former employee of network device maker Ubiquiti, hacked the company’s system and demanded a $2 million ransom. This is just the tip of the iceberg of the story, so let’s unpack what happened.

Who is Nikolas Sharp?

Sharp was a cloud lead at Ubiquiti Networks from August 2018 to March 2021, according to his LinkedIn profile. Prior to this, he worked at companies like Amazon and Nike.

What was the big Ubiquiti security incident?

In January, the company sent an email to its customers saying that a hacker had gained access to its systems hosted on third-party services, such as AWS, and that some customer data, including names, email IDs, addresses, and phone numbers, may have been exposed. The company, which makes Wi-Fi mesh gear and access points primarily for enterprise customers, said it wasn’t aware of any malicious activity on any user’s account.

At the time of this disclosure, the company wasn’t aware of the hacker’s identity. The fun bit was that Sharp was a part of the team that was investigating the scope of the incident.

What did Sharp actually do?

As a cloud lead, Sharp had access to certain keys to get into the company’s AWS and GitHub repositories. On December 10 last year, he anonymously logged into the company’s AWS account, and a few days later, he accessed the company’s GitHub account.

Ubiquiti’s Dream Machine access point
