I've been using a business voip plan of 5 lines with 2Talk for a few years now, without issue, but in the last week I've had multiple "FRAUD ALERT" emails from 2talk (which appear to be automated) saying one of my lines has been making suspicious calls. Had this happen to 3 different lines.

Sure enough, check the 2talk portal, and a bunch of calls to overseas, some to the UK, and some to 'Tigo Senegal Mobile'.
Today I've been charged $24.15 alone!!!

Anyway, the automated emails from 2talk say they have blocked all overseas calls (except AU NZ) from the number, that is fine.

However, each time I got this fraud/hack email, I did this:

 

1. Change my 2talk password, using a completely randomly generated alphanumeric password, 20 length
2. Check that my 2 voip devices aren't exposed via any port forwarding rules in router. (3 lines are using grandstream desk phone, 1 line on NF4V router, checked router isnt available via WAN)
3. Enabled "Authorisation PIN Code" on all lines via 2talk portal, so any overseas calls need to enter PIN code.

BUT each time, it appears to be hacked again, fraud calls made, and get another automated email from 2talk.

And strangely enough, the "Authorisation PIN Code" option has been turned OFF??? Has the hacker managed to do this??

I've tried calling 2talk for further info (but get sick of holding after 30 minutes), sent multiple emails (no response).

I even asked 2talk to check SIP logs to see who the offending IP address was, as I have a static IP, and pretty sure its not my devices making these calls, it must be someone who has managed to get hold of the SIP password.
And with my SIP password perhaps they are logging into the 2talk portal, and disabling the "Authorisation PIN Code", because how else would that get turned off? (star code?)

I've also run multiple virus/malware scans on my PC, in case there was some key logger or backdoor, or something suspicious running.

What else can I do?

As 2talk themselves are not helping at all.