London-based telephony provider VolPtalk may have been hit by hackers. The firm began discreetly informing customers about a potential data breach having been detected over the weekend. Customers were also requested to reset their passwords as a precautionary measure.
The firm sent out a notice to customers, posted by a VoIPtalk user on a forum, apologising for any inconvenience caused. It explained that it had detected "suspicious activity" and said hackers may be attempting to access user data. The firm added that in efforts to ensure extra protection to user data, it was "actively monitoring" its network for any further suspicious activities and analysing any potential vulnerabilities within its network infrastructure.
The firm said: "Our security and fraud monitoring systems picked up suspicious activity involving external online attempts to exploit vulnerabilities in our infrastructure to obtain customer data. We are still investigating the nature and potential extent of the problem. However, we feel that it is prudent to err on the side of caution and have made some recommendations below. We are working on the assumption that your VoIPtalk VoIP/SIP password may have been obtained. Therefore, we are notifying you of this incident purely as a precautionary measure. At time of writing, we are not aware of any fraudulent use of your account or misuse of your information."
The details of the alleged data breach remain unclear as the firm is reportedly still investigating the attack. The company said users would only be allowed to place calls to the UK and other "common" international destinations, while destinations will be blacklisted.
VoIPtalk said it would be implementing additional security measures in the coming days, in efforts to protect user data. According to reports, the firm's website was briefly unreachable on 12 September. It is still unclear how attackers may have gone about breaking into the firm's network. Reports indicate that a server compromise does not appear to have occurred.
VoIPtalk is yet to make any official announcement regarding the potential breach, either on its site or social media.