The Grandstream Device Management System (GDMS) cloud platform has been compromised. Multiple Managed Service Providers (MSPs) report that SIP credentials stored in GDMS have been stolen and misused internationally, including in the US.
Grandstream has sent an email acknowledging the breach but is still investigating the cause. They recommend changing your logins and SIP credentials immediately.
https://www.reddit.com/r/VOIP/comments/1gxp29l/grandstream_sends_notice_of_gdms_security_incident/
I have not received an email about it yet, but when I logged in this morning I did receive a notice about “unusual activity” and a message that I needed to change my SIP passwords.
Thank you for posting this… I likely wouldn’t have logged into my GDMS account until I had to provision another phone, which might be weeks or even months from now.
I’m glad I use only white-listed IP’s.
I’m glad I use only white-listed IP’s.
That’s my SOP for everything. And, I don’t reuse passwords, so I’m not worried about my SIP credentials floating around out in darkweb land. However, this breach DOES open up potentially new threat avenues by giving bad actors additional private/internal information - such as names, extensions, address books, etc.
I’ve used Grandstream products since 2002 and they’ve been my go-to VoIP provider for most of that time. But it’s still disappointing.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.