ADVERTISEMENT

3CX data exposed, third-party to blame

A third-party vendor of 3CX, a popular Voice over Internet Protocol (VoIP) comms provider, left an open server and exposed sensitive 3CX data. The issue went under the company’s radar, even though it was recently targeted by North Korean hackers.

3CX data leak

Image by Cybernews.

Vilius Petkauskas
Vilius Petkauskas Deputy Editor
Jun 15, 2023 Updated: 27 June 2023 4 min read
“The finding suggests that the way 3CX deals with cyberattacks is insufficient since exposed instances were not detected. Meanwhile, skilled attackers could use the data to get back into 3CX networks.”
Cybernews researchers said.

What 3CX data was exposed?

  • Call metadata, including time, state, duration, phone number, and email
  • License keys
  • Encoded database strings
ADVERTISEMENT

3CX’s safety measures

Rocky disclosure process

ADVERTISEMENT