Forum Discussion

Plexus_Tech
New Contributor
8 months ago

Voicemail Hack

Hello All,

Just a word of caution to be sure to reset voicemail PINs. We had a client where a hacker pulled their main company phone number off their website, called their number in the middle of the night, waited for voicemail to come up, pressed *, and used the default PIN of 0000, which allowed him access to listen to the voicemails stored in the shared mailbox. There happened to be a message there from one of their customers and he took down the customer's info and contacted them the next morning, representing himself as an employee of our client, trying to sell them services via a CVS gift card. That made the person who was called suspicious enough to hang up and call the company directly.

That same client let us know they heard from another firm that a similar thing had happened to them. I don't know if it's a widespread thing, but I had not heard of it before. I just wanted to let everyone know to remember to go back and check for default PINs on exposed mailboxes and reset them. Unfortunately, hackers will use any and every possible means of getting info to make scam calls!

John

  • GlennD
    GoTo Manager

    Hi Plexus_Tech, welcome to the community.

    Thank you for bringing this important issue to our attention. We will absolutely make sure this is highlighted for new customers when they are setting up voicemail and encourage existing customers to review the PIN codes they are using.

  • mkeaton
    Frequent Contributor

    Wow, I'm actually shocked this hasn't been emailed out to anyone yet! After dealing with the fallout from the Change Healthcare hack, we won't be waiting to remedy this one. GoTo could be preemptive and simply make it anything other than 0000 when starting up and require a PW change on setup. Once a vulnerability is found it should be corrected.

    For those that do them, this should be noted in your Risk Assessments (HITECH).

    Thank you so much for sharing!! Now to change 80 users' VM PINs lol

    • GlennD
      GoTo Manager

      mkeaton We do cover this in our onboarding and support documentation when setting up voicemail; changing the PIN is the last step in the process. We are looking into appropriate reminders for customers to check that they/their users completed changing their PIN in the last step.

      • Plexus_Tech
        New Contributor

        Hi Glenn,

        Thanks for that response. Maybe something from GoTo stressing the importance of changing that PIN. I don't think the average user even thinks that someone could use that to get into their email.

        Thanks,

        John