We received a large number of outbound calls to a large number of phone numbers (a massive spam attack); I think this was due to a lost API key. Please send me the details of the call call_793c67944f8d6db24b1c8f122e7—how it was initiated, which API key was used, the IP address from which it was made, and any other important information that will help me understand the cause and resolve the issue to stop the spam attack. Please send the information to the Workspace account email. The Workspace in question is org_aCYwH7oYQ2lneKGd
Hi @itdep
Thanks for reporting that. I’ve shared the call details with the team and asked them to review what can be done. Once we receive a response, we’ll update you accordingly.
Thank You
Hi @itdep
- The attack ran from approximately 07:36 UTC to 18:15 UTC on April 12.
- All calls were initiated via the API using your API key
key_798c...01bafrom IP address 54.211.17.79 - The calls used your phone number
+1249468xxxxand primarily targeted two of your agents.
What we recommend:
- Rotate all API keys — If you have any API keys, regenerate them immediately as a precaution.
- Enable IP allowlisting — If you use the API from known servers, consider restricting API access to specific IP ranges.
The originating IP of the attack was 54.211.17.79. Unfortunately, we do not log additional details beyond the IP and API key for call creation requests, but this information should help you investigate further.
Thank You