Did anyone else just get the email about the GDMS security breach? Frak!
I have not… what is it claiming?
Dear Customer,
We are reaching out to notify you that Grandstream Networks, Inc. recently identified a potential security incident and is actively working to resolve the matter.
At Grandstream Networks, we take data privacy and security seriously and are committed to maintaining a secure environment. We recently identified suspicious activity targeting certain device accounts (including some of your device accounts) on our GDMS servers on AWS. We have initiated our incident response protocols and launched a comprehensive investigation. We are also contacting law enforcement. At this time, we do not yet know how long this investigation will take to conclude or what the results of the investigation will show.
While we have no evidence at this time to suggest that there is any impact to customer data or systems, out of an abundance of caution we strongly encourage you to change the passwords of your SIP devices registered to GDMS immediately.
As our investigation progresses and additional information becomes available, we will share any necessary updates. If you have any follow up questions, please do not hesitate to contact us immediately. If you need technical help to facilitate the above suggested operations, please visit https://helpdesk.grandstream.com.
We greatly value our business relationship and thank you for your understanding.
Grandstream Networks, Inc.
OOF. Off to change my passwords.
Same here, this will take a while. Sigh
Also kind of weird I don’t have an email from them.
Maybe the email has not gotten around to everyone yet.
One thing the email didn’t say was if Wave passwords were compromised.
I haven’t seen this yet – who did it come from and what date/time did you get it?
It came from GDMS (no_reply@gdms.cloud). Came in at 5:52 EST.
I posted on the GS forum and one person said they received it. I have sent an email to a few GS folks I know and waiting to hear back.
Let us know when you hear back, please.
From Support:
Yes Zach, we have indeed identified suspicious activity related to our GDMS servers and we have initiated an investigation into the incident…At this time there is no evidence that customer data or systems have been impacted, however we strongly encourage you to:
- Change the GDMS admin login and enable the multi-factor authentication.
- Change any stored SIP device credentials.
As our investigation progresses and additional information becomes available, we will share any necessary updates.
Found this post on reddit.
https://www.reddit.com/r/VOIP/comments/1gxp29l/grandstream_sends_notice_of_gdms_security_incident/?rdt=41324
I did not receive an email either. My take on the wording is they suspect suspicious activity targeting your (and some others’) GDMS account.
That was kind of my take. Another reseller I know did not get the email, but they contacted support and support said the same thing to them.
I’ve changed every PBX login and password. In the process of changing sip passwords too. It’s a lot to do but not taking any chances.
I also received the email. Opened a trouble ticket with GS. They gave me the verbatim as also shown above. I asked for more details because I have too many systems and devices on GDMS, I need to know what was hacked so I can focus my energy on what I must change. Their response:
The security breach affected the SIP accounts passwords on your GDMS. Please change the SIP passwords for the SIP accounts used in your GDMS. We strongly recommend taking this action as a precautionary measure.
The login passwords for GDMS and for devices such as PBXs, IP phones, ATAs, or gateways have not been affected. SIP trunk credentials also remain unaffected.
The message I got was that out of an abundance of caution we should change them – not specifically that it had happened. So, if you don’t keep SIP connections in GDMS, you’re good?
BTW, I asked them via the ticket that I’d really like them to stop requesting passwordless access through the popup when using GDMS to remote access my UCMs. I told them, ‘Out of an abundance of caution, can we please stop constantly requesting this? Clicking cancel should stop this; it would reduce the chances my systems will get hacked.’
I have a number of junior techs in my group that have clicked OK (meaning anyone on our GDMS is now allowed passwordless access to all the PBXs we manage). Seems like an easy thing they could fix for higher security.