Zoiper stores our SIP passwords on its servers - and lost this base?

    Zoiper logo
    Strange at first glance, the title, but I can not draw a different conclusion.

    On Saturday, SIPNET sent a notification that our account was hacked and there was activity "internationally." The thing is that only the telephony system on Asterisk actually knows the password for the SIPNET account, and it is such that it is impossible to guess it. But, as it turned out, he was not guessed.


    The study showed that there really were calls from Friday to Saturday, with a total cost of no more than $ 2. Typically, all these calls were made using accounts that were ever configured on Android devices of employees in the Zoiper program . Each has been tried.an account that has ever been set up in Zoiper. The last such account was created about two to three weeks ago, they installed, tried and forgot Zoiper, no work through free wifi in a cafe and the like.
    The passwords on these accounts were not supposed to be stored by a person (they were saved in the program), and were randomly generated, that is, their selection according to the dictionary is excluded.
    This happened in the period from 1 to 3 hours Moscow time, at which time the employees were asleep.

    Thus, the only thing left to assume is that Zoiper collected passwords from our accounts on its servers, stored them there in an open (or reversibly encrypted) form, and lost this database.

    Thank SIPNET

    Also popular now: