[BreachExchange] VoIPtalk may have been hit by hackers, initiates precautionary password resets

[Audrey McNeil]

http://www.ibtimes.co.uk/voiptalk-may-have-been-hit-by-hackers-initiates-
precautionary-password-resets-1581246

London-based telephony provider VolPtalk may have been hit by hackers. The
firm began discreetly informing customers about a potential data breach
having been detected over the weekend. Customers were also requested to
reset their passwords as a precautionary measure.

The firm sent out a notice to customers, posted by a VoIPtalk user on a
forum, apologising for any inconvenience caused. It explained that it had
detected "suspicious activity" and said hackers may be attempting to access
user data. The firm added that in efforts to ensure extra protection to
user data, it was "actively monitoring" its network for any further
suspicious activities and analysing any potential vulnerabilities within
its network infrastructure.

The firm said: "Our security and fraud monitoring systems picked up
suspicious activity involving external online attempts to exploit
vulnerabilities in our infrastructure to obtain customer data. We are still
investigating the nature and potential extent of the problem. However, we
feel that it is prudent to err on the side of caution and have made some
recommendations below. We are working on the assumption that your VoIPtalk
VoIP/SIP password may have been obtained. Therefore, we are notifying you
of this incident purely as a precautionary measure. At time of writing, we
are not aware of any fraudulent use of your account or misuse of your
information."

The details of the alleged data breach remain unclear as the firm is
reportedly still investigating the attack. The company said users would
only be allowed to place calls to the UK and other "common" international
destinations, while destinations will be blacklisted.

VoIPtalk said it would be implementing additional security measures in the
coming days, in efforts to protect user data. According to reports, the
firm's website was briefly unreachable on 12 September. It is still unclear
how attackers may have gone about breaking into the firm's network.Reports
indicate that a server compromise does not appear to have occurred.

VoIPtalk is yet to make any official announcement regarding the potential
breach, either on its site or social media.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160914/31939726/attachment.html>