We regret to inform you that 3CX company has become victim to an attack on the product and the larger supply chain. Our highest priority is to be transparent in sharing details on what actions 3CX and we are taking in response to this incident and what we know to date, to decline the inconvenience it may cause.
On March 29th, 3CX received reports from a third party of a malicious actor exploiting a vulnerability in our product. We took immediate steps to investigate the incident, retaining Mandiant, leading global cybersecurity experts. Initial investigation suggested the incident was carried out by a highly experienced and knowledgeable hacker. 3CX are working closely with law enforcement and other authorities.
According to the situation and information that provided from 3CX, this is what recommended to do now:
Uninstall the 3CX Electron Desktop Application from all Windows or Mac OS computers.
Continue AV scans and EDR solutioning in your organization's networks for any potential malware with the latest signatures.
Switch to using the PWA web client app rather than Desktop App.
a. For installation, go to the 3CX Web Client
b. Click “Install 3CX” on top of your address bar. It doesn’t require installing any binary and runs within your browser sandbox.
As a token of gratitude for your patience and support, 3CX are extending customers’ subscriptions by 3 months free of charge. This extension will be applied automatically in the coming weeks.
We will stay on track of the following updates from 3CX and do our best to assist our customer, please do not hesitate to contact us if there is any issue.
We appreciate to your patience and support.