If it's about VoIP, SIP or Internet Telephony but it doesn't seem to fit anywhere else, post it here.
User avatar
By WelshPaul
#4099
I received the following email from VoIPtalk earlier this evening :
Notice of Potential Data Breach

We are writing to inform you of a potential security incident involving your VoIPtalk VoIP/SIP password. We value our relationship with you and, as a precautionary measure we are recommending some steps you should take to reduce the risk of any potential fraud occurring on your service. We sincerely apologise for any frustration or concern this may cause you.

Please note that VoIPOffice or connectAssure customers do NOT need to take any action.

What happened
Our security and fraud monitoring systems picked up suspicious activity involving external online attempts to exploit vulnerabilities in our infrastructure to obtain customer data. We are still investigating the nature and potential extent of the problem. However, we feel that it is prudent to err on the side of caution and have made some recommendations below.

What information was involved
We are working on the assumption that your VoIPtalk VoIP/SIP password may have been obtained. Therefore, we are notifying you of this incident purely as a precautionary measure. At time of writing, we are not aware of any fraudulent use of your account or misuse of your information.

What we are doing
We take data security seriously. Subsequently we are taking the following action:
  1. Actively monitoring for any further suspicious activity.
  2. Identifying any points where infrastructure security can be increased.
  3. Implementing a series of security measures over the next few days which will help in protecting your account.
    • By default, we will only allow your account(s) to place calls to UK and common international destinations. Other destinations will be blacklisted and you will be unable to call them.
    • To enable calling to blacklisted destinations, use the blacklist feature on the VoIPtalk portal. Please see instructions on how to do this here.
    • When enabling blacklisted destinations you will be prompted to also update your VoIP/SIP passwords (if you have not done so recently). Changing your VoIP / SIP password will also require you to change it on your IP phones, soft phones or other VoIP/SIP devices.
  4. Encouraging all users to change their VoIPtalk VoIP/SIP passwords as soon as possible.
  5. Notifying the relevant authorities and assisting them in an effort to identify and find those responsible.
What you can do
We advise you to take the following steps to protect your accounts:
  1. Change your VoIP/SIP password immediately by following the instructions at the following link https://www.voiptalk.org/products/voip-password
  2. Reconfigure your VoIP devices/appliances with the updated VoIPtalk VoIP/SIP password – instructions here.
  3. Ensure you only allow international destinations that you would normally call. Blacklist all other international destinations.
  4. Inform us of any unusual activity you detect on your account. If you see anything that looks suspicious, or if you suspect that any fraudulent transactions have taken place, notify us immediately. Please note that we do not and never will store credit card information.
Thank you for reading this advisory, and we welcome any questions that you may have.

For up-to-date information on Telappliant/VoIPtalk services, visit http://www.telappliantstatus.com or follow us on Twitter @voiptalkstatus.

Thank you,

The VoIPtalk Support Team
Anyone else received the above email? I have had a look on their website and twitter page but found nothing on the subject.

Goes without saying - If you haven't done so already, change your passwords!
Sponsored
User avatar
By WelshPaul
#4103
Surprise there hasn't been more uproar about this. If it helps, VoIPtalk have been hard at work implementing a new set of security measures to protect their network infrastructure and customer accounts.

http://www.theregister.co.uk/2016/09/13 ... ed_breach/

http://www.zdnet.com/article/voiptalk-a ... ta-breach/
User avatar
By WelshPaul
#4612
Enter your email address here: https://haveibeenpwned.com

It will preform a search and if your email address is on any “hack list”, name the site(s) breached.
Who is online

Users browsing this forum: CommonCrawl [Bot] and 0 guests

Supported Products: OBi504vs OBi508vs Firm…

Supported Products: OBi200 OBi202 OBi300 OB…

Enter your email address here: https://haveibeenpw…

Well, with VoiceHost you can! I needed to report …