We are a 2-person law firm based in San Francisco. We have been Jive/GoTo customers since 2015. If you were to look through our 8 year history of call records, I doubt you’d see even 1 single international call.
Then, suddenly, in one 24-hour period between April 27 and April 28, no fewer than 153 international calls totaling 3,895 minutes (65 hours) were made from a single extension (x1002). Based on the international dialing codes shown, calls were made to the following countries:
93 = Afghanistan
233 = Ghana
504 = Honduras
373 = Moldova
263 = Zimbabwe
377= Kosovo
593 = Ecuador
218 = Libya
Notably, the call records show multiple calls were placed at exactly the same minute of the day. For example, one record shows a 28 minute call to Libya on April 28 at 12:17 pm, while another record shows a 15 minute call to a different number in Libya, also made on April 28 at 12:17 pm.
Needless to say, we did not make any of these calls, and it would have been physically impossible for us to have made so many simultaneously.
This security breach is alarming far beyond the fact that GoTo has charged use $562.22 for the calls. How can we be sure this problem won't’ recur? Or that other of our private information has not been compromised?
