Feeds

IP phone man's Vonage hell

Number carousel let user see other punters' credit details

Business security measures using SSL

Vonage has apologised after coding slip-ups caused one of its customers to be billed 80 times - at a cost £5.99 per occasion - for changes to accounts that didn't belong to him.

Reg reader and UK-based small businessman Tom came to us with his problems last week after he found out he was able to see other customers' account details and credit card information when he logged into his Vonage account. The IP telephony firm had changed his number so many times that his Linksys router had given up to the ghost. To add insult to injury, Tom discovered he'd been billed scores of times for changes to other people's accounts.

Other customers were subsequently assigned numbers temporarily given to Tom. Another UK-based customer, Jeremy, was assigned a virtual number Tom had paid for, as a way of transferring calls when the latter moved business premises. Last week, Jeremy began receiving other peoples' calls. When Jeremy logged onto his account online, he saw Tom's details and contacted him.

Jeremy told us that unlike Tom he hadn't suffered much inconvenience as a result of the problem. "I may have missed a few calls so it's a little inconvenient, but I conduct most of my business online via email," Jeremy told El Reg

Tom told us he'd been unable to receive voice mails for 18 months since becoming a Vonage customer, a problem he attributes to the phone number merry-go-round he's been forced to endure. The problem peaked last week when he was able to see one of five other customer's personal and billing details at random when he logged into his account.

Since reporting his problems to Vonage, the IP telephony firm has sorted out the mess and Tom says he's now able to login and collect voicemail for the first time in 18 months. "I went to Vonage for the convenience of using the service when I go abroad and as a way of reducing my phone bill. In the end, I'd have been better to stay with BT," Tom told El Reg.

Tom said Vonage reps in New Jersey told him a scripting error was the root cause behind why he was assigned continuously changing numbers. Numbers temporarily assigned to him were reissued, which goes some way towards explaining why he could see other people's details when he logged onto his Vonage account, while not exactly getting to the bottom of the problem.

In a statement prompted by Register inquiries, Vonage said the mix-up was an isolated problem, for which it apologised.

"Vonage has conducted a thorough investigation of the issues raised. We found that in this customer's circumstance there was a temporary problem in the transfer of voicemail facilities following a change of number, due to an upgrade of the voicemail service, for which we apologise. While we cannot publicly discuss an individual's account details and usage, we can reassure Vonage customers that this was a unique and isolated situation. Vonage takes security extremely seriously, and appreciates the vigilance of this customer in raising their concern."

If you've had security problems with Vonage services this month we'd like to hear about your experiences. ®

Protecting against web application threats using SSL

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.