Aatrox Communications - [Security Alert] - Grandstream GDMS Portal Compromised – Incident details

Note: This is only applicable if you use the Grandstream GDMS Portal to manage your Grandstream hardware. This is a courtesy email to inform all of our customers and partners utilising the Grandstream GDMS system to provision their equipment that the GDMS system itself has been compromised in the last few days. Grandstream has sent out an advisory which we have linked to in the image below: We recommend that any partners who use the GDMS system immediately update all their passwords as they have likely been compromised. There is some discussion on the forum post below if you want more information. https://www.reddit.com/r/VOIP/comments/1gxp29l/grandstream_sends_notice_of_gdms_security_incident/ Please be assured that our Aatrox systems have not been compromised in any way and this exploit is specific to the Grandstream GDMS platform which we are not affiliated with in any way. However, we do know that many of our partners prefer to use GDMS instead of their PBX phone provisioning system. We advise that customers who are concerned about the security of the GDMS system switch to using their PBX phone provisioning system instead. We cannot comment on the current state of GDMS or whether it is safe to continue using it going forward. Unless there is a specific reason to continue using GDMS, we recommend that affected customers update their account passwords and switch to using our provisioning systems instead. If you have any questions feel free to reach out to our team but keep in mind that we do not have any more information on the Grandstream Portal compromise other than what has been reported above.