FOOD FOR THOUGHT Vitelity hacking?

[Federico]

Today I received emails on two Vitelity accounts indicating trials to reset my password. Anyone else?
The messages indicated that my security questions were not succesfully answered. The attackers had South African IP addresses. Vitelity reset my password to a new one (shown on the email) and asked me to set a new password. I don't know why Vitelity changes your password upon an unseccseful password reset, it doens't seem like a good practice...
I tried to reach Vitelity's web page but it was unresponsive. Later, I was finally able to log in and change my password.

 

[hbonath]

Yep, I woke up to 3 different Vitelity password resets this morning...

 

[Jeff Schade]

Same here. Changed my password as soon as I got in to the office and all is back to normal.

Of course, in addition to the mentioned need to regularly change your passwords, here is a great example of why you should never set your account to auto-replenish. I really don't need to explain a $20,000 phone bill to my boss today.

 

[wardmundy]

I really don't need to explain a $20,000 phone bill to my boss today.

Heh. More bad news usually follows those discussions...

 

[Trimline2]

Which leads me to this question. Is there a new and improved Whitelist installation script?

 

[w1ve]

My most-active PIAF is publicly hosted on RentPBX. I have the UI on port 80; I have international trunks and extensions,. That said, I use very, very strong passwords (very long and complex), and of course do not allow anonymous sip.
I think that if you take the right measures, PIAF is very secure, and the measures you need to take are not that complex. For PSTN trunking, I never auto-replenish and always have a circuit-breaker for maximum burn rate (if possible).

There have been a LOT of attacks lately. It's the nature of an interconnected internet. Network Solutions DNS service was down for most of yesterday -- unreal -- our corporate infrastructure was a mess for a good part of the day (I told them not to rely on a single DNS provider -- even if they have geographic diversity.)

 

[privacy_nazi]

The same thing happened to me. My biggest concern is how the account names were discovered.

Vitelity Portal Attack Notice

This morning, I got a notice from Vitelity that their portal was under attack:

"A large scale scan attack was attempted last night around 1am on our portal logins, therefore you may have received an email with a new password. We apologize if this has inconvenienced you."

The offending IP address was 41.84.119.135 but the security question could not be answered. I changed my password as directed, but am stumped as to how the hackers would even know what the login name would be.

Anyone else get a notice or know what may be going on?

Initially I missed reading that link that lgaetz posted and Vitelity never sent any information about a large scale attack to me. Neither did a friend of mine who got the same password reset email others verified. We both wondered the same thing, and assumed that there must have been a leak of the login data. Which coincides with their recent rollout of a new API.

I opened up a support ticket on Friday (the day I read that email) and there has been no reply yet. I also referenced a previous support ticket which brought to their attention a serious flaw in their handling of CDRs. This was when they switched from the more secure but albeit slower method of requiring HTTPS to view/download CDRs to the new method of email/HTTP downloads (email w/HTTP link). The directory used for such HTTP downloads was publically indexable and contained CDRs which were from other customers, some of which had been there for months and one was 365MB in size. Which to their credit they did fix in a timely manner but it certainly made me wonder how it could happen in the first place. It was a social engineering goldmine.

In any case has anyone heard anything further on the matter? I've been a long term customer at Vitelity but have grave concerns about how secure my data and payment methods are in light of this incident.