The sub-account passwords: the ones used by the ATA. Whoever is hacking in doesn't seem to be accessing the main portal directly, so they don't seem to be changing settings (or passwords!). But somehow they are acquiring (sub-)account numbers and the corresponding SIP passwords.
But really, yeah, change ALL passwords, and disable their "API" thingie.
Previous Topic
Index
