IP telephony biz VoIPtalk quietly admits to possible data breach
Usual drill, change passwords
UK-based IP Telephony service VoIPtalk warned customers of a potential data breach over the weekend.
The firm has implemented tighter security controls and advised customers to change their passwords in response to the suspected hacker incident, which is still under investigation.
In a notice (re-posted on a VoIP user forum here) the firm goes on to explain the situation in some depth:
Our security and fraud monitoring systems picked up suspicious activity involving external online attempts to exploit vulnerabilities in our infrastructure to obtain customer data. We are still investigating the nature and potential extent of the problem. However, we feel that it is prudent to err on the side of caution.
What information was involved We are working on the assumption that your VoIPtalk VoIP/SIP password may have been obtained. Therefore, we are notifying you of this incident purely as a precautionary measure. At time of writing, we are not aware of any fraudulent use of your account or misuse of your information.
VoIPOffice and connectAssure business customers do not need to take any action, the firm adds. Reg reader David forwarded a copy of the incident notice he received on Friday to El Reg.
VoIPtalk.org’s site was unavailable for much of Monday before reappearing that afternoon. The firm is yet to respond to a message to its Twitter account, which is yet to be updated to report news of the suspected breach.
Attempts to reach the firm via its technical support number meant navigating an automated system that required a PIN number we didn’t have to proceed. ®
Updated on September 15, 2016 to add: VoIPtalk confirmed the release of a statement about potential insecurities in its infrastructure by republishing its alert on Wednesday, several days after sending it to users. The IP Telephony firm - which insists that its customer alert is purely precautionary - admits VoIPtalk user accounts (including VoIP and SIP passwords) may have been compromised.