Monitoring - Netmatters has been made aware of two security incidents across 3CX phone systems which involved unauthorised access to user extension login credentials. These breaches resulted in fraudulent outbound calls being made through the compromised extensions.
As a result we are recommending the following to all our 3CX customers:
Recommended Actions:
As a safeguarding measure to protect your 3CX system from unauthorised access, we strongly recommend implementing the following steps:
1) Reset All User Extension Passwords
- This can be done by system administrators going into the user extension and pressing “Reset password”, or your users can do this by going to your 3CX phone system URL and following the “Forgot Password” link on that screen. They will receive an email to reset their password with either method.
- Ensure new passwords are strong and unique. 3CX enforces a minimum of a 10-character alphanumeric password; however, you should also encourage users not to use passwords that include their names, business names, or other common passwords like “Password1!”.
- Include resetting your 3CX passwords within your password policy.
2) Enable 3CX Two-Factor Authentication (2FA)
- This is still required even if you currently use Google or Microsoft 365 Single Sign-On (SSO), as the 3CX extension credentials can still be used to sign in.
- This will require users to sign out of their 365/Google authenticated login and sign in with their 3CX credentials to configure 2FA. Once configured, they can sign out and sign back in using Google/Microsoft 365.
- Whilst signing in with 2FA requires the additional step, it significantly reduces the risk of credential-based attacks. Requiring a second verification method beyond a password when logging in means compromised credentials alone cannot be used.
- If you are using the PWA app, you are only required to sign into the app with 3CX 2FA the first time after enabling it, not every time you use the app. If you sign in on a different device or use a web browser to sign into the system, you will be prompted to enter your 2FA code again.
- To enable 3CX 2FA, administrators can enable it for all users in bulk under Admin > Users > 2FA
Extra Measures for added security and to minimise the impact of a breach:
These additional measures can be implemented to further lock down access within 3CX, or are other general recommendations to consider:
1) Review your Allowed Country Codes configured within 3CX and untick locations to prevent outbound calls to those countries you do not frequently call. This is found under Admin > Advanced > Allowed Country Codes
2) Create Outbound Rules which specify which users are allowed to make international calls, and another rule that blocks the 00 prefix by default (the prefix needed to make these calls). We recommend creating a specific Department containing the allowed users to be used in conjunction with the outbound rule.
3) Reset passwords on other websites/applications that may use the same email address and password as was configured in 3CX.
4) Remind your teams to be vigilant against email phishing attempts.
5) Ensure Multi-Factor Authentication is enabled on other services that have this feature available, particularly Microsoft 365/Google accounts. Set hours of operation to prevent calls being made via your user extensions out of hours; the 2 incidents that we are aware of both involved calls being triggered at 2am
6) If you are subject to any level of breach involving another service (such as email) you should also consider changing your 3CX passwords (sometimes these get forgotten about).
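As an added example (not from this notice or from 3CX), the script below shows how the two controls above, hours of operation and Allowed Country Codes, translate into a check you can run over call records to spot the pattern of the incidents described: 00-prefixed international calls placed out of hours from a single extension. The CDR line format, the allowed country list and the business hours are all assumed for the example and are not the real 3CX CDR format.

```python
from collections import Counter
from datetime import datetime

# Constructed sample CDR-style lines (NOT the real 3CX CDR format):
# "timestamp,source extension,dialled number"
SAMPLE_CDR = """\
2025-07-24 09:15:02,101,01603123456
2025-07-24 14:40:11,102,0033123456789
2025-07-25 02:03:45,104,00212612345678
2025-07-25 02:05:10,104,00212612345679
2025-07-25 11:20:00,103,0012125551234
"""

# Assumed policy values; they mirror the Allowed Country Codes and hours of
# operation that the notice recommends configuring in 3CX itself.
ALLOWED_COUNTRY_CODES = ("44", "33", "1")
BUSINESS_HOURS = (8, 18)   # calls expected from 08:00 up to 18:00 local time

def flag_calls(cdr_text, allowed=ALLOWED_COUNTRY_CODES, hours=BUSINESS_HOURS):
    """Return (extension, number, timestamp, reasons) for each suspicious call."""
    flagged = []
    for line in cdr_text.splitlines():
        ts, ext, number = line.strip().split(",")
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        reasons = []
        if not hours[0] <= when.hour < hours[1]:
            reasons.append("out-of-hours")
        # 00 is the international dialling prefix the notice recommends blocking
        # by default. Prefix matching is a simplification: real country codes
        # are variable length and need a proper numbering plan.
        if number.startswith("00") and not number[2:].startswith(allowed):
            reasons.append("country-not-allowed")
        if reasons:
            flagged.append((ext, number, when.isoformat(), reasons))
    return flagged

def suspicious_extensions(flagged, min_calls=2):
    """Extensions with repeated flagged calls: candidates for an immediate reset."""
    counts = Counter(ext for ext, _, _, _ in flagged)
    return {ext for ext, n in counts.items() if n >= min_calls}

if __name__ == "__main__":
    hits = flag_calls(SAMPLE_CDR)
    for ext, number, when, reasons in hits:
        print(f"{when} ext {ext} -> {number}: {', '.join(reasons)}")
    print("reset password and enforce 2FA on:", sorted(suspicious_extensions(hits)))
```

On the constructed sample, only extension 104 is flagged (two 2am calls to a country outside the allowed list), which is exactly the case the password reset and 2FA steps above are meant to close off.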
Admin Access Support:
Your internal technical contact should already have administrator access to your 3CX system. If no administrator access is currently available internally, Netmatters can grant admin-level permissions to a designated team member upon request so you are able to complete the recommended actions.
If you require any assistance implementing these changes or our help to assign admin access, or if you have any other concerns you wish to discuss, please email the Netmatters Support Team at support@netmatters.com.
If you need any further assistance from a wider IT security viewpoint, the Netmatters IT team is available to assist - we have specialists in cyber security who can be on hand to help.
Jul 25, 2025 - 06:48 BST