No, I think GP is referring to their big data breach last year[0]. From TFA linked in that discussion:
> the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.
It has shaken a lot of people's confidence in Ubiquiti's internal security practices.
I wonder if you saw the update to the article in the discussion you linked? The attacker was a software engineer who worked at Ubiquiti. I think it's fair to criticize any internal controls that allowed a single engineer to have this amount of access, but from other discussions[1] it sounds like he was unique in this organization.
> the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.
It has shaken a lot of people's confidence in Ubiquiti's internal security practices.
0: https://news.ycombinator.com/item?id=26638145