16 April 2024

Cisco Duo issues warning after third-party data breach exposes MFA logs


Cisco Duo issues warning after third-party data breach exposes MFA logs

Cisco Duo, a multi-factor authentication (MFA) and Single Sign-On service provider, has warned its customers about a third-party data breach, which exposed SMS and VoIP MFA message logs.

The data breach, which occurred on April 1, 2024, was a result of a cyberattack on one of Cisco Duo's telephony providers

According to an email sent to customers, threat actors obtained employee credentials through a phishing attack and gained unauthorized access to the systems of the telephony provider responsible for handling Cisco Duo's SMS and VoIP MFA messages.

During the breach, the attackers managed to download MFA message logs associated with specific Cisco Duo accounts. The compromised logs, covering the period between March 1, 2024, and March 31, 2024, contained sensitive metadata such as phone numbers, phone carriers, countries, states, and timestamps of the messages. The logs did not include the content of the messages themselves, the company noted.

Once the breach was discovered, the affected telephony provider launched an investigation and implemented various mitigation measures, including invalidating the compromised employee credentials, analyzing activity logs, and promptly informing Cisco Duo of the incident.

Additionally, the provider has taken steps to prevent similar breaches in the future.


Back to the list

Latest Posts

New EagleMsgSpy surveillance tool linked to Chinese authorities

New EagleMsgSpy surveillance tool linked to Chinese authorities

The Android-based tool has been in operation since at least 2017.
12 December 2024
Russian Turla APT exploits other threat actors’ tools to attack Ukraine

Russian Turla APT exploits other threat actors’ tools to attack Ukraine

Secret Blizzard used the Amadey bot malware to deliver its custom backdoor called “KazuarV2” onto specifically selected systems in Ukraine.
12 December 2024
Global police op shuts down major DDoS platforms

Global police op shuts down major DDoS platforms

As part of the effort, three suspected administrators were arrested in France and Germany.
11 December 2024