Wow, sorry to hear about this.
Just following up on my comment and your subsequent question about GV security:
I assume that you've updated your OBis to their latest firmware level. Since none of us have a 508, we can't look for you, but according to this forum's firmware section, the latest build is 4764 from June 2015. The build level and release note information in that section are poorly maintained, so I suggest contacting Obihai about your issue in general, to see if they have any ideas.
Using the 2015 or newer firmware, access to one's Google Voice account no longer stores your Google account password on the device. Instead, during the process of you provisioning GV on an OBi, via the OBiTALK web portal, OBiTALK will use the OAUTH 2.0 protocol to securely request and, with your approval, obtain a secure access token for the Google Chat service used by OBi devices.
I am not a security expert, so I don't know if the attacker is using your GV account(s). I doubt it. But, as we've been discussing, a shotgun, pre-emptive change of all passwords would be a good idea.
If you can, I would delete all of the Google Voice SP configs on your OBi(s). Then, log into your Google accounts and go here:
https://security.google.com/settings/security/permissions?pli=1Find and click on, and then delete, all the permissions that have the tiny OBiTALK logo to the left, e.g. "Google Voice". Delete any permissions for apps you don't use or don't recognize.
This will delete the OAUTH 2.0 permission that had been granted for OBiTALK.
Change your Google account passwords to new, unique (not used on any other website) passwords.
There are also two potentially different passwords for OBi stuff: when you sign into your OBiTALK dashboard account, you either use a user ID and password you created specifically for OBiTALK, or you use your Google account password, again, via OAUTH. Figure out which method you are using, and change the password accordingly. Then, each OBi device has an admin password. If you haven't changed those, do so now.