Cisco Duo says a third-party data breach stole MFA SMS logs
Cisco Duo has confirmed that sensitive customer data was stolen following a third-party cyber incident.
In a violation notification letter Sent to affected customers, Cisco Duo said its telephony provider, which it did not name, was compromised on April 1, 2024. Unidentified threat actors launched a phishing attack on the third party, stealing credentials to the company’s systems.
Using these credentials, the attackers downloaded SMS and VoIP MFA message logs associated with specific Duo accounts. The logs were generated in March, it said.
Smishing incoming
“The message logs do not contain message content, but do contain the phone number, telephone company, country and state to which each message was sent, as well as other metadata (e.g., date and time of message, type of message, etc.),” reads the message.
“The Provider has confirmed that the threat actor did not download or otherwise access the contents of any messages, or use its access to the Provider’s internal systems to send messages to any of the numbers in the message logs.”
Obtaining phone numbers and other metadata is likely enough to conduct social engineering attacks such as phishing or even identity theft. Cisco warned its customers to be wary of incoming text messages. “Also consider educating your users about the risks of social engineering attacks and investigating suspicious activity.”
When the victim company discovered the incident, they invalidated the compromised credentials and sent Cisco a message about what happened. They then implemented “additional technical measures” to prevent similar incidents in the future, and to limit the damage caused by this attack.
Cisco Duo has over 100,000 customers and processes over a billion authentications every month. It has over 10 million downloads on Google Play.
Through BleepingComputer