Cisco Duo Security Breach Exposes SMS Logs for Multi-Factor Authentication

Cisco Duo, a leading provider of multi-factor authentication (MFA) and single sign-on (SSO) solutions, has issued a warning about a security breach affecting some of its customers. The company disclosed that SMS and VoIP message logs used for MFA were compromised in a cyberattack targeting its telephony provider.

Details of the Breach

Cisco Duo’s security team revealed that hackers gained access to MFA message logs associated with specific Duo accounts between March 1, 2024, and March 31, 2024. This unauthorized access was achieved by obtaining employee credentials through a phishing attack on the telephony provider.

While the provider confirmed that the attackers did not access the content of the messages or use them to send messages to customers, the stolen logs contain data that could be exploited in targeted phishing attacks. The compromised information includes phone numbers, location data, dates, times, and message types.

Response and Measures Taken

Cisco Duo is actively working with the affected provider to investigate and address the incident. Additional security measures have been implemented to prevent similar future incidents. Affected customers are also encouraged to request the exposed message logs to better understand the scope of the breach and develop appropriate defense strategies.

Recommendations and Warnings

Cisco Duo warns affected customers about the potential for phishing or social engineering attacks using the stolen information. Users are urged to be vigilant and report any suspicious activity. Educating users about the risks associated with social engineering attacks is also recommended.

Background and Context

This incident highlights the growing threat of social engineering and phishing attacks, as warned by the FBI last year. Previous examples, such as the Uber attack in 2022, illustrate how hackers can leverage MFA message logs to infiltrate corporate systems.

While Cisco has not disclosed the name of the provider or the exact number of affected customers, this incident underscores the importance of cybersecurity and the need to always remain vigilant against potential threats. Organizations should take proactive measures to protect their systems and educate their personnel on best practices for online security.
