HELLO & WELCOME

Find answers, share answers, discuss.

VoIPtalk - Potential Data Breach?

If it's about VoIP, SIP or Internet Telephony but it doesn't seem to fit anywhere else, post it here.
User avatar

VoIPtalk - Potential Data Breach?

By WelshPaul
Posts Signature Likes Avatar Topics
 Fri 9th Sep 2016, 19:41 #4099
I received the following email from VoIPtalk earlier this evening:
VoIPtalk wrote:Notice of Potential Data Breach

We are writing to inform you of a potential security incident involving your VoIPtalk VoIP/SIP password. We value our relationship with you and, as a precautionary measure we are recommending some steps you should take to reduce the risk of any potential fraud occurring on your service. We sincerely apologise for any frustration or concern this may cause you.

Please note that VoIPOffice or connectAssure customers do NOT need to take any action.

What happened
Our security and fraud monitoring systems picked up suspicious activity involving external online attempts to exploit vulnerabilities in our infrastructure to obtain customer data. We are still investigating the nature and potential extent of the problem. However, we feel that it is prudent to err on the side of caution and have made some recommendations below.

What information was involved
We are working on the assumption that your VoIPtalk VoIP/SIP password may have been obtained. Therefore, we are notifying you of this incident purely as a precautionary measure. At time of writing, we are not aware of any fraudulent use of your account or misuse of your information.

What we are doing
We take data security seriously. Subsequently we are taking the following action:
  1. Actively monitoring for any further suspicious activity.
  2. Identifying any points where infrastructure security can be increased.
  3. Implementing a series of security measures over the next few days which will help in protecting your account.
    • By default, we will only allow your account(s) to place calls to UK and common international destinations. Other destinations will be blacklisted and you will be unable to call them.
    • To enable calling to blacklisted destinations, use the blacklist feature on the VoIPtalk portal. Please see instructions on how to do this here.
    • When enabling blacklisted destinations you will be prompted to also update your VoIP/SIP passwords (if you have not done so recently). Changing your VoIP / SIP password will also require you to change it on your IP phones, soft phones or other VoIP/SIP devices.
  4. Encouraging all users to change their VoIPtalk VoIP/SIP passwords as soon as possible.
  5. Notifying the relevant authorities and assisting them in an effort to identify and find those responsible.
What you can do
We advise you to take the following steps to protect your accounts:
  1. Change your VoIP/SIP password immediately by following the instructions at the following link https://www.voiptalk.org/products/voip-password
  2. Reconfigure your VoIP devices/appliances with the updated VoIPtalk VoIP/SIP password – instructions here.
  3. Ensure you only allow international destinations that you would normally call. Blacklist all other international destinations.
  4. Inform us of any unusual activity you detect on your account. If you see anything that looks suspicious, or if you suspect that any fraudulent transactions have taken place, notify us immediately. Please note that we do not and never will store credit card information.
Thank you for reading this advisory, and we welcome any questions that you may have.

For up-to-date information on Telappliant/VoIPtalk services, visit http://www.telappliantstatus.com or follow us on Twitter @voiptalkstatus.

Thank you,

The VoIPtalk Support Team
Anyone else received the above email? I have had a look on their website and twitter page but found nothing on the subject.

Goes without saying - If you haven't done so already, change your passwords!

How did this post make you feel?

0
User avatar

Re: VoIPtalk - Potential Data Breach?

By WelshPaul
Posts Signature Likes Avatar Topics
 Sat 17th Sep 2016, 17:22 #4103
Surprise there hasn't been more uproar about this. If it helps, VoIPtalk have been hard at work implementing a new set of security measures to protect their network infrastructure and customer accounts.

http://www.theregister.co.uk/2016/09/13 ... ed_breach/

http://www.zdnet.com/article/voiptalk-a ... ta-breach/

How did this post make you feel?

0
0
User avatar

Re: VoIPtalk - Potential Data Breach?

By WelshPaul
Posts Signature Likes Avatar Topics
 Tue 23rd May 2017, 13:10 #4612
Enter your email address here: https://haveibeenpwned.com

It will preform a search and if your email address is on any “hack list”, name the site(s) breached.

How did this post make you feel?

0
 Return to “General VoIP Discussion”
Anyone tried a Fanvil H2U?

Thank you :grinning:

READ MORE
UK Regional Settings for Grandstream telephone adapters (ATA's).

Would just like to express my thanks to the OP for this…

READ MORE
Cisco 7970 Directory

Good morning. I appreciate this phone is now ancient, …

READ MORE
Android SIP app with full bluetooth facility

I am currently trying Grandstream Wave but I would pref…

READ MORE
VIEW MORE TOPICS

Sign up for VIP membership

About us

We're the UK's first independent voice over IP discussion and support forum dedicated to all things VoIP.

Join Today - It's free and takes less than 30 seconds. You might even save yourself a few pounds in the process too.