Cisco Duo says a third-party data breach stole MFA SMS logs
Hackers stole phone numbers of Cisco Duo customers
Cisco Duo has confirmed some sensitive customer data was stolen after a third-party cyber-incident.
In a breach notification letter sent to affected customers, Cisco Duo said that its telephony provider, which it didn’t name, was compromised on April 1 2024. Unidentified threat actors mounted a phishing attack against the third party, through which they stole login credentials for the company’s systems.
With those login credentials, the attackers downloaded SMS and VoIP MFA message logs associated with specific Duo accounts. The logs were generated in March, it was said.
Smishing incoming
“The message logs did not contain any message content but did contain the phone number, phone carrier, country, and state to which each message was sent, as well as other metadata (e.g., date and time of the message, type of message, etc.),” the message reads.
“The Provider confirmed that the threat actor did not download or otherwise access the content of any messages or use their access to the Provider’s internal systems to send any messages to any of the numbers contained in the message logs.”
Obtaining phone numbers and other metadata is probably enough to run social engineering attacks such as phishing, or even engage in identity theft. Cisco warned its customers to be wary of any incoming SMS messages. "Please also consider educating your users on the risks posed by social engineering attacks and investigating any suspicious activity."
When the victim company discovered the incident, they invalidated the compromised credentials and pinged Cisco about what had happened. They then implemented “additional technical measures” to prevent similar incidents in the future, as well as to mitigate the damage done by this attack.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Cisco Duo has more than 100,000 customers and processes more than a billion authentications every month. It has more than 10 million downloads on Google Play.
Via BleepingComputer
More from TechRadar Pro
- You haven't actually got a massive road toll bill - it's a phishing scam, FBI warns
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.