16 April 2024

Cisco Duo issues warning after third-party data breach exposes MFA logs


Cisco Duo issues warning after third-party data breach exposes MFA logs

Cisco Duo, a multi-factor authentication (MFA) and Single Sign-On service provider, has warned its customers about a third-party data breach, which exposed SMS and VoIP MFA message logs.

The data breach, which occurred on April 1, 2024, was a result of a cyberattack on one of Cisco Duo's telephony providers

According to an email sent to customers, threat actors obtained employee credentials through a phishing attack and gained unauthorized access to the systems of the telephony provider responsible for handling Cisco Duo's SMS and VoIP MFA messages.

During the breach, the attackers managed to download MFA message logs associated with specific Cisco Duo accounts. The compromised logs, covering the period between March 1, 2024, and March 31, 2024, contained sensitive metadata such as phone numbers, phone carriers, countries, states, and timestamps of the messages. The logs did not include the content of the messages themselves, the company noted.

Once the breach was discovered, the affected telephony provider launched an investigation and implemented various mitigation measures, including invalidating the compromised employee credentials, analyzing activity logs, and promptly informing Cisco Duo of the incident.

Additionally, the provider has taken steps to prevent similar breaches in the future.


Back to the list

Latest Posts

ICC investigates cyberattacks in Ukraine as possible war crimes

ICC investigates cyberattacks in Ukraine as possible war crimes

The probe is focused on cyberattacks that endangered lives by disrupting essential services.
17 June 2024
Alleged Scattered Spider leader arrested in Spain

Alleged Scattered Spider leader arrested in Spain

The suspect is believed to be a key player in the MGM ransomware attack.
17 June 2024
Scattered Spider hackers switch focus to cloud apps for data theft

Scattered Spider hackers switch focus to cloud apps for data theft

Mandiant has observed UNC3944 accessing platforms like vSphere and Azure via SSO applications to create new virtual machines.
17 June 2024