Company president reponds to reports on service security breach. The gist: The problem was not as serious as reported and was quickly corrected.
The following press statement was released by Broadvox Direct President Jeffery Williams in response to reports about a security breach with the VoIP sevice providers configuration:
Over the weekend, Broadvox Direct experienced a brief security breach that was the result of an administrative oversight. For less than two hours, a small number of customer configuration files were accessible on the Web. The exposure has been corrected, and the authentication information for each account has been changed for security reasons.
More importantly, the nature of the breach was such that a would-be digital identity thief would have been unable to take advantage of the information to exploit the services of another subscriber. While the configuration files did contain users’ credentials for our adapter device, they did not include other information required during the authentication process such as the serial number and MAC address. It is virtually impossible for a hacker to obtain the information required for authentication without having access to our internal processes as well as the adapter device itself. Therefore, it is highly unlikely that any customer accounts were compromised.
In addition, contrary to what has been reported, the files exposed do not represent all of our subscribers. The files represented only test accounts, a few live customers with pending configuration changes, and a handful of new customers whose files were waiting to be picked up by the adapter. This is a small fraction of our subscriber base.
Finally, and critically, the files in question did not contain any customer-identifiable information. We would like to assure our subscribers that their personally identifiable information is highly secure, and available only to select staff.