What to do after my account got compromised?
We understand that there are individuals who may attempt to gain unauthorised access to your Telnyx account, which can compromise your security. If you suspect that someone has accessed your account without your permission, there are some important steps you can take to protect your account and prevent future unauthorised access.
There are many ways a bad actor can gain access to your account, either because the same password was used in a another platform whose information was released or some creative social engineering. However it's imperative to take crucial steps to ensure said bad actor is not only prevented from accessing your account again but also does not have access to the API or voice products.
These are the specific steps needed to take to ensure your account is secure after somebody gained access to your Mission Control Portal:
Change login password for the compromised user in your organization. This can be done under the general settings of account.
Change credentials for all of your credential authentication based SIP connections. This can be done in the Sip Trunking page in the Voice section of your account. You also need to update the credentials on your phone system for it to be able to access the Sip trunk with the new credentials. Here's more information About Sip Connections on the Mission Control Portal. Make sure all the SIP connections in your account where setup by you and not the bad actor.
Check the configuration of all your IP authentication connections to make sure all the IPs in said connections are your IPs and not ones setup by the bad actor to run traffic from their own systems. Again refer to this article to check into specific guide on how to check your sip connections.
Regenerate the messaging profile secret for any messaging profiles using v1 of our API. This can be done in the Programmable Messaging page in the Messaging section of the portal by going into the messaging profile settings. You also need to update your messaging applications with the new secret. More information about messaging profiles on your Mission Control Portal can be found here.
Delete any API Key you currently had active when the bad actor accessed your account. You need to go into the Account Settings section then into the Keys and Credentials page and delete all then generate new API keys for your applications. You need to update the API keys of your applications for them to continue to have access to our products.
Check forwarding on all numbers in your account to make sure the bad actor has not setup forwarding to expensive numbers that could run bad traffic from your account even after securing it. You can read more about setting up forwarding in this article.
Check all your Programmable Voice API Applications and TeXML Applications to make sure they are actually yours and not applications configured by the bad actor that could automatically be running traffic on your account. Disabling the API key would prevent traffic through Voice API Applications but not TeXML Applications. So make sure you check into these too.
There are several steps you can take to prevent this happening in the future but the single most powerful thing you can do is enabling 2 factor authentication. You can do this by going into the My Account page in the Account Settings section of the portal.
If a bad actor has gained access to your system but not your account they can still have stolen the credentials for your sip connection, the messaging profile secret or the API keys if you had those setup in your system so make sure to update them in your Mission Control Portal.
For more information on other options to prevent fraud on your account like setting up limits please follow this guide.