IP phone man's Vonage hell

Number carousel let user see other punters' credit details

Vonage has apologised after coding slip-ups caused one of its customers to be billed 80 times - at a cost £5.99 per occasion - for changes to accounts that didn't belong to him.

Reg reader and UK-based small businessman Tom came to us with his problems last week after he found out he was able to see other customers' account details and credit card information when he logged into his Vonage account. The IP telephony firm had changed his number so many times that his Linksys router had given up to the ghost. To add insult to injury, Tom discovered he'd been billed scores of times for changes to other people's accounts.

Other customers were subsequently assigned numbers temporarily given to Tom. Another UK-based customer, Jeremy, was assigned a virtual number Tom had paid for, as a way of transferring calls when the latter moved business premises. Last week, Jeremy began receiving other peoples' calls. When Jeremy logged onto his account online, he saw Tom's details and contacted him.

Jeremy told us that unlike Tom he hadn't suffered much inconvenience as a result of the problem. "I may have missed a few calls so it's a little inconvenient, but I conduct most of my business online via email," Jeremy told El Reg

Tom told us he'd been unable to receive voice mails for 18 months since becoming a Vonage customer, a problem he attributes to the phone number merry-go-round he's been forced to endure. The problem peaked last week when he was able to see one of five other customer's personal and billing details at random when he logged into his account.

Since reporting his problems to Vonage, the IP telephony firm has sorted out the mess and Tom says he's now able to login and collect voicemail for the first time in 18 months. "I went to Vonage for the convenience of using the service when I go abroad and as a way of reducing my phone bill. In the end, I'd have been better to stay with BT," Tom told El Reg.

Tom said Vonage reps in New Jersey told him a scripting error was the root cause behind why he was assigned continuously changing numbers. Numbers temporarily assigned to him were reissued, which goes some way towards explaining why he could see other people's details when he logged onto his Vonage account, while not exactly getting to the bottom of the problem.

In a statement prompted by Register inquiries, Vonage said the mix-up was an isolated problem, for which it apologised.

"Vonage has conducted a thorough investigation of the issues raised. We found that in this customer's circumstance there was a temporary problem in the transfer of voicemail facilities following a change of number, due to an upgrade of the voicemail service, for which we apologise. While we cannot publicly discuss an individual's account details and usage, we can reassure Vonage customers that this was a unique and isolated situation. Vonage takes security extremely seriously, and appreciates the vigilance of this customer in raising their concern."

If you've had security problems with Vonage services this month we'd like to hear about your experiences. ®

Sponsored: 5 critical considerations for enterprise cloud backup