I don't know anything about this, so my questions are just speculative.
1. Do the calls show up in the Call History of your OBi? I suspect not, but it seems worth checking.
2. Was your CallWithUs password pretty simple, such as a name or dictionary word?
3. I would ask if you use that same password on other sites, but I am wondering how if somebody infiltrated a different site, how would they be able to pair that up with your CallWithUs number?
4. Do you use an auxiliary device with your SIP other than the OBi or telephone? Do you, for example have your own PBX or do you run an Asterisk server? It probably sounds like a silly question, but it happens that sometimes people don't mention such things.
5. Do you have anybody on your OBiTalk trusted callers list other than your own phones?
Clearly tougher passwords are much better. I like KeePass as a password manager.
To check the call history log:
1. If you do not know the IP address of your OBi, find IP address:
from your phone dial ***1 and listen for the IP address. Write it
down.
2.Let a comma represent a pause. On your connected phone,
dial ***0,30#, 1, 1 (for OBi202 for first time to enable WAN web access).
For OBi100, 110, 200 or subsequent OBi202 access instead dial just ***1.
Your OBi should read your current IP number to you. It is often
192.168.__.__ or 10.0.__/.___ where __ represents some numbers. Write
that down.
3. Enter the IP address that you wrote down into the address box on your
browser. If you don't know what a browser is, that means Internet Explorer,
Chrome or Safari. It could also mean Firefox, etc.
Be prepared to enter the password for your OBi. The username is admin.