Subject: Update from Investigation into Prior Security Attack – IMPORTANT Action Recommended
When it comes to your PBX, we understand that security is paramount and that transparency from your partners like Sangoma, is not only the best policy, it’s the only policy. As a result, we are emailing you today to follow-up and share the results of the investigation into a previous incident regarding our sip trunking service that you may have already been notified about. For those of you who do not use our SIPStation SIP trunking service, that notification explained that about a month ago we had one of our trunking servers attacked, resulting in an illegal hacker getting access to some user's randomly generated SIP Credentials. At the time of that incident, we promptly communicated via email to all of our SIPStation customers about the issue, and worked with them to obtain new SIP credentials. Our investigation into that attack resulted in a suite of new improvements to our platform as outlined in our SIPStation wiki, more specifically the section on notifications and access restrictions.
Through our investigation we were able to track where in our infrastructure the hacker obtained access. Although we have found no trace or evidence of them accessing our customer data, we have been notified of 14 systems that have been affected out of thousands of deployed system. Based on this we have determined that it's theoretically possible that these unlawful hackers could have gained access to some PBX data and left no trace. Given this possibility we are sending this update to our broader group of PBX users beyond just our SIPStation subscribers. As mentioned, Sangoma’s commitment to you is to always do everything within our ability to secure our network and to be transparent with you about any attacks. We can tell you with absolute certainty is that we retain absolutely no credit card information and exclusively use Authorize.net as our fully PCI compliant and secure provider for all credit card transactions. So none of your payment details could ever be accessed...
Our records indicate that your organization has one or more deployments where you previously provided Sangoma with either SSH or Web GUI credentials, so that our support team would have easier access to your systems, when you request our help in future support calls. Since it's theoretically possible, that a hacker may have gained access to a system with those credentials present, it would be prudent of you to make changes to the passwords. We ask you to please do this promptly. To learn more about changing your SSH password, please visit our wiki article on changing your root password.
https://community.freepbx.org/t/hacked-via/40670/35
↧