Trust and security with cloud-based services from TP-Link
The latest scandal with Ubiquiti storing passwords on LastPass without any additional security like 2FA leaves a lot of questions. Some time ago, when a thread about what to buy was created, it was mostly flooded by Ubiquiti fanboys promoting them, just to be smashed back to the ground after hackers gained access to LastPass and, by that, gained access to their AWS servers. Amazingly, the only security consisted of a username+pass, and the really terrible fact is that they stored anything at all on LastPass. Since then many have moved to TP-Link, but whether TP-Link is better in that respect or not is not transparent to me currently.
Considering the danger of using cloud-based applications, I would like to know from TP-Link how TP-Link can assure that such a blatant, hard-to-imagine case like the one with Ubiquiti could not happen to users using Omada cloud services. Can we know more about how you can assure that something like that will not happen, as well as how you can assure that no rogue employee gains/shares access? Ubiquiti degraded their company and hardware to the lowest possible rating and is not recommended to be used at all, and if used, it is better to get rid of it as quickly as possible. Considering that fact, it would be very unpleasant to find out later that TP-Link did not force users to change passwords, does not have logs, had its own system breached, etc., and I would wish to have some transparency about the questions I raised, especially about security issues connected to the cloud.
The main reason for raising this question is the possible case that Omada cloud credentials leaked a long time ago, as 2FA was introduced recently, but 2FA should have been standard since at least 2016. This meant for me that TP-Link did not really care about 2FA until something happened/happens; did something happen? What was the reason that TP-Link finally enabled 2FA for the cloud? Also, what is the reason that prevents the Omada cloud controller from having 2FA (a captcha would be nice too)? An admin's phone getting stolen with full access to the Omada cloud means the thieves have full access and nothing can prevent them from accessing it.
I am also curious whether you plan to move away from Java 8 or at least upgrade Omada to higher versions. Outdated software/dependencies are always a security issue.