3CX

🔧 Article status notice: This article heavily relies on AI/LLMs

This article has been marked because its heavy use of LLM generated text may affect its percieved or actual reliability and credibility.

To contact a moderator for removal of this notice once the article's issues have been resolved, you can use the #appeals channel on our Discord server (Join using this link]) or use the talk pages on the wiki and leave a message to any of the moderators. List of current moderators.

Learn more ▼

❗Article Status Notice: This Article is a stub

This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Learn more ▼

3CX, Inc., is a software development company and developer of the 3CX Phone System.

The 3CX Phone System is a software private branch exchange based on the SIP (Session Initiation Protocol) standard to allow calls via the public switched telephone network (PSTN) or via Voice over Internet Protocol (VoIP) services.

In 2023, during a major supply chain attack affecting the 3CX desktop application, company's public response included engaging cybersecurity firm Mandiant and advising customers to uninstall affected versions. His communication during the breach received mixed reactions from the broader IT and managed service provider (MSP) communities.¹²

Controversies[edit | edit source]

Customer and Partner Relations[edit | edit source]

The company's CTO, Nick Galea, has been the subject of criticism from some 3CX users and partners for alleged heavy-handed moderation practices and perceived unprofessional conduct in public forums. Multiple users on Reddit have reported being banned from the official 3CX community forums for raising technical concerns or criticizing company policies.³⁴

A recurring theme in these reports includes:

Forum bans for dissenting feedback: Users claimed Galea personally blocked access to forums or terminated partnerships following criticism.⁴
Removal of public complaints: Several threads were deleted from Reddit and the 3CX community forums after users described negative experiences with Galea or 3CX leadership.³⁵
Alleged partner retaliation: Some partners allege that their access to client accounts was revoked without prior warning.⁶

Supply Chain Incident Response[edit | edit source]

In March 2023, 3CX was the victim of a high-profile supply chain attack, with desktop clients distributed via trojanized updates. During the incident, 3CX's CTO issued statements that were later scrutinized for tone. A now-deleted Reddit comment attributed to the CTO dismissed concerns by saying the issue was “not an exploit, it’s a feature,” which some MSPs interpreted as flippant.⁷

In addition, 3CX faced backlash for requiring users to pay to open support tickets during the breach, which led to further public criticism from system administrators and IT professionals.¹

References:[edit | edit source]

“20230329 Situational Awareness - Crowdstrike,” r/crowdstrike, Reddit thread
“3CX desktop app compromised, abused in supply chain attack,” TechTarget, techtarget.com
“My 3CX Partnership Deleted and All Linked Clients Lost,” r/3CX, Reddit thread
“Stay Away from 3CX,” r/3CX, Reddit thread
“Banned from the 3CX Community,” r/3CX, Reddit thread
“Anyone else ever been fired by 3CX as a customer?” r/3CX, Reddit thread
“3CX Compromise Confirmed by Nick,” r/msp, Reddit thread