Jump to content

3CX: Difference between revisions

From Consumer Rights Wiki
SpyCrab (talk | contribs)
added sources. reworked stuff (most of the page need some form of restructuring)
Burt79 (talk | contribs)
Minor editing changes.
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
{{SloppyAI}}
{{StubNotice}}
{{StubNotice}}
3CX, Inc., is a software development company and developer of the 3CX Phone System<ref name=":0">{{Cite web |last=3CX |title=ENTERPRISE GRADE PHONE SYSTEM |url=https://www.3cx.com/phone-system/ |archive-url=https://web.archive.org/web/20250813032918/https://www.3cx.com/phone-system/ |archive-date=2025-08-12 |access-date=2025-08-12 |website=3cx.com}}</ref>.
3CX, Inc., is a software development company and developer of the 3CX Phone System<ref name=":0">{{Cite web |last=3CX |title=ENTERPRISE GRADE PHONE SYSTEM |url=https://www.3cx.com/phone-system/ |archive-url=https://web.archive.org/web/20250813032918/https://www.3cx.com/phone-system/ |archive-date=2025-08-12 |access-date=2025-08-12 |website=3cx.com}}</ref>.


The 3CX Phone System is a software private branch exchange based on the SIP (Session Initiation Protocol) standard to allow calls via the public switched telephone network (PSTN) or via Voice over Internet Protocol (VoIP) services <ref name=":0" />.
The 3CX Phone System is a software private branch exchange based on the [[wikipedia:Session_Initiation_Protocol|Session Initiation Protocol]] (SIP) standard to allow calls via the public switched telephone network (PSTN) or via [[wikipedia:Voice_over_IP|Voice over Internet Protocol]] (VoIP) services <ref name=":0" />.


In 2023, during a major supply chain attack affecting the 3CX desktop application, company's public response included engaging the services of Google-owned cybersecurity firm Mandiant<ref>{{Cite web |last=Lakshmanan |first=Ravie |date=Mar 31, 2023 |title=3CX Supply Chain Attack — Here's What We Know So Far |url=https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html |archive-url=https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html |archive-date=June 27, 2025 |access-date=2025-08-12 |website=hehackernews.com}}</ref> and advising customers to uninstall affected versions.  
In 2023, during a major supply chain attack affecting the 3CX desktop application, company's public response included engaging the services of Google-owned cybersecurity firm [[wikipedia:Mandiant|Mandiant]]<ref>{{Cite web |last=Lakshmanan |first=Ravie |date=Mar 31, 2023 |title=3CX Supply Chain Attack — Here's What We Know So Far |url=https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html |archive-url=https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html |archive-date=June 27, 2025 |access-date=2025-08-12 |website=hehackernews.com}}</ref> and advising customers to uninstall affected versions.  


==Controversies==
==Controversies==
Line 13: Line 12:


====Supply Chain Incident Response====
====Supply Chain Incident Response====
In March 2023, 3CX was the victim of a high-profile supply chain attack, through to be the result of a cascade failure starting with the software X_Trader. This attack was likely caused by North Korean state-sponsored hackers <ref>{{Cite news |last=Greenberg |first=Andy |date=Apr 20, 2023 |title=The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks |url=https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-url=https://web.archive.org/web/20250726115243/https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-date=July 26, 2025 |work=Wired |pages=2025-08-12}}</ref>
In March 2023, 3CX was the victim of a high-profile supply chain attack, thought to be the result of a cascade failure starting with the software X_Trader. This attack was likely caused by North Korean state-sponsored hackers. <ref>{{Cite news |last=Greenberg |first=Andy |date=Apr 20, 2023 |title=The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks |url=https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-url=https://web.archive.org/web/20250726115243/https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-date=July 26, 2025 |work=Wired |pages=2025-08-12}}</ref>


3CX also faced backlash for requiring users to pay to open support tickets during the breach, which led to further public criticism from system administrators and IT professionals.<ref>{{Cite web |last=CrowdStrike |date=2023-03-29 |title=// 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers // |url=https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/ |website=reddit}}</ref><blockquote>"I have been in contact with 3CX and their suggestion is to open a support ticket at £75 per incident. Ludicrous." -wars_t (reddit.com) </blockquote>
3CX also faced backlash for requiring users to pay to open support tickets during the breach, which led to further public criticism from system administrators and IT professionals.<ref>{{Cite web |last=CrowdStrike |date=2023-03-29 |title=// 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers // |url=https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/ |website=reddit}}</ref><blockquote>"I have been in contact with 3CX and their suggestion is to open a support ticket at £75 per incident. Ludicrous." -wars_t (reddit.com) </blockquote>

Latest revision as of 10:40, 13 August 2025

Article Status Notice: This Article is a stub


This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Learn more ▼

3CX, Inc., is a software development company and developer of the 3CX Phone System[1].

The 3CX Phone System is a software private branch exchange based on the Session Initiation Protocol (SIP) standard to allow calls via the public switched telephone network (PSTN) or via Voice over Internet Protocol (VoIP) services [1].

In 2023, during a major supply chain attack affecting the 3CX desktop application, company's public response included engaging the services of Google-owned cybersecurity firm Mandiant[2] and advising customers to uninstall affected versions.

Controversies[edit | edit source]

Customer and Partner Relations[edit | edit source]

The company's CTO, Nick Galea, has been the subject of criticism from some 3CX users and partners for alleged heavy-handed moderation practices and perceived unprofessional conduct in public forums. Multiple users on Reddit have reported being banned from the official 3CX community forums for raising technical concerns or criticizing company policies. [3][4]

Supply Chain Incident Response[edit | edit source]

In March 2023, 3CX was the victim of a high-profile supply chain attack, thought to be the result of a cascade failure starting with the software X_Trader. This attack was likely caused by North Korean state-sponsored hackers. [5]

3CX also faced backlash for requiring users to pay to open support tickets during the breach, which led to further public criticism from system administrators and IT professionals.[6]

"I have been in contact with 3CX and their suggestion is to open a support ticket at £75 per incident. Ludicrous." -wars_t (reddit.com)

References:[edit | edit source]

  1. 1.0 1.1 3CX. "ENTERPRISE GRADE PHONE SYSTEM". 3cx.com. Archived from the original on 2025-08-12. Retrieved 2025-08-12. {{cite web}}: |archive-date= / |archive-url= timestamp mismatch; 2025-08-13 suggested (help)CS1 maint: numeric names: authors list (link)
  2. Lakshmanan, Ravie (Mar 31, 2023). "3CX Supply Chain Attack — Here's What We Know So Far". hehackernews.com. Retrieved 2025-08-12. {{cite web}}: Check |archive-url= value (help)
  3. "My 3CX Partnership Deleted and All Linked Clients Lost".
  4. "Banned from the 3CX Community".
  5. Greenberg, Andy (Apr 20, 2023). "The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks". Wired. pp. 2025-08-12. Archived from the original on July 26, 2025.
  6. CrowdStrike (2023-03-29). "// 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers //". reddit.