Anyone else received the above email? I have had a look on their website and twitter page but found nothing on the subject.VoIPtalk wrote:Notice of Potential Data Breach
We are writing to inform you of a potential security incident involving your VoIPtalk VoIP/SIP password. We value our relationship with you and, as a precautionary measure we are recommending some steps you should take to reduce the risk of any potential fraud occurring on your service. We sincerely apologise for any frustration or concern this may cause you.
Please note that VoIPOffice or connectAssure customers do NOT need to take any action.
Our security and fraud monitoring systems picked up suspicious activity involving external online attempts to exploit vulnerabilities in our infrastructure to obtain customer data. We are still investigating the nature and potential extent of the problem. However, we feel that it is prudent to err on the side of caution and have made some recommendations below.
What information was involved
We are working on the assumption that your VoIPtalk VoIP/SIP password may have been obtained. Therefore, we are notifying you of this incident purely as a precautionary measure. At time of writing, we are not aware of any fraudulent use of your account or misuse of your information.
What we are doing
We take data security seriously. Subsequently we are taking the following action:
What you can do
- Actively monitoring for any further suspicious activity.
- Identifying any points where infrastructure security can be increased.
- Implementing a series of security measures over the next few days which will help in protecting your account.
- By default, we will only allow your account(s) to place calls to UK and common international destinations. Other destinations will be blacklisted and you will be unable to call them.
- To enable calling to blacklisted destinations, use the blacklist feature on the VoIPtalk portal. Please see instructions on how to do this here.
- When enabling blacklisted destinations you will be prompted to also update your VoIP/SIP passwords (if you have not done so recently). Changing your VoIP / SIP password will also require you to change it on your IP phones, soft phones or other VoIP/SIP devices.
- Encouraging all users to change their VoIPtalk VoIP/SIP passwords as soon as possible.
- Notifying the relevant authorities and assisting them in an effort to identify and find those responsible.
We advise you to take the following steps to protect your accounts:
Thank you for reading this advisory, and we welcome any questions that you may have.
- Change your VoIP/SIP password immediately by following the instructions at the following link https://www.voiptalk.org/products/voip-password
- Reconfigure your VoIP devices/appliances with the updated VoIPtalk VoIP/SIP password – instructions here.
- Ensure you only allow international destinations that you would normally call. Blacklist all other international destinations.
- Inform us of any unusual activity you detect on your account. If you see anything that looks suspicious, or if you suspect that any fraudulent transactions have taken place, notify us immediately. Please note that we do not and never will store credit card information.
For up-to-date information on Telappliant/VoIPtalk services, visit http://www.telappliantstatus.com or follow us on Twitter @voiptalkstatus.
The VoIPtalk Support Team
Goes without saying - If you haven't done so already, change your passwords!