ALERT VoIP.ms Accounts Compromised

wardmundy

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
20,217
Reaction score
5,974
You may recall that users reported accounts being compromised at VoIP.ms a number of years ago. Well, just a heads up. We've had sub-accounts there for more than a decade without an issue. And then this week two of them attempted to make foreign calls which we've had blocked. So... if you have old VoIP.ms subaccounts that you thought didn't get compromised by the earlier breach, think again.

FIX: Change ALL of your sub-account passwords. Where possible, add an IP address filter to each subaccount that requires a match with the PBX on which you have registered your trunk. Better yet, use IP address authentication and avoid the problem entirely.
 
Last edited:
I have International disabled as well, but I've created/deleted/created so many sub-accounts that my passwords have definitely been changed since the "breach". You know, the one that never happened. LoL And I also use IP filtering, so I'm covered, I hope.
 
Certainly appears that their entire database was compromised. Don’t recall ever getting an alert to change passwords until this attempt was made. Makes me think the database must be for sale somewhere.
 
wardmundy said:
Certainly appears that their entire database was compromised. Don’t recall ever getting an alert to change passwords until this attempt was made. Makes me think the database must be for sale somewhere.
Click to expand...

Very likely, as I see the password I used to use there attempted across my SIP managed platforms from time to time and have for the last few years actually.
 
billsimon said:
Better fix: be done with VoIP.ms. This is not the first major breach - not that you'd know it, since they refuse to acknowledge the previous one.
Click to expand...
I wouldn't say it's a new breach, unless of course Ward never changed/re-created sub accounts since the 1st one happened. Which, given the wording of his post, he didn't...
 
Mine were the original main account and one of my oldest subaccounts.
 
billsimon said:
Better fix: be done with VoIP.ms. This is not the first major breach - not that you'd know it, since they refuse to acknowledge the previous one.
Click to expand...

If I dumped every service provider I had that had sercurity breaches I couldn't do anything, same for ones who don't ack the issues sometimes (hello Adobe). They are the only sub carrier who properly terminates Canadian Toll Free. You otherwise need the big guys with minimums and so on.
 
You must log in or register to reply here.

Members online

Total: 36 (members: 1, guests: 35)

Latest Posts

Forum statistics

Threads
26,688
Messages
174,412
Members
20,257
Latest member
Dempan
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Verify your Email

Check your inbox!

We’ve sent you an email. Click on the button in the email body to verify your email address – (if you can not find it, check your spam folder).

Upon verification you will be directed to the 3CX setup wizard.

Back
Top