
Cisco Duo data breach exposes customer MFA data via telephony provider

Cisco Duo’s security team has advised users about a cyberattack that compromised certain customers’ VoIP and SMS logs, potentially exposing sensitive information used for multi-factor authentication (MFA) messages. This data breach, which took place through their telephony provider, underscores the persistent threat posed by cybercriminals targeting the communication channels that security measures depend on.

Cisco Duo, a leading multi-factor authentication and Single Sign-On service widely employed by corporations for secure network access, has been thrust into the spotlight due to this cybersecurity incident. The breach, which occurred on April 1st 2024, involved employee credentials being obtained via a phishing attack. The threat actor then used these credentials to infiltrate the systems of a telephony provider responsible for managing SMS and VoIP MFA messages.

Impacted customers were informed that SMS and VoIP MFA message logs linked to particular Duo accounts were compromised from March 1, 2024, to March 31, 2024. Here is a link to the article that Cisco sent to affected users – https://app.securitymsp.cisco.com/e/es?e=2785&eid=opguvrs&elq=bd1c1886a59e40c09915b029a74be94e

Although the logs lacked message content, they contained significant metadata such as phone numbers, carriers, locations, and timestamps. This data could be weaponized in targeted phishing attempts aimed at acquiring corporate credentials and other confidential information.

Upon uncovering the breach, the telephony provider promptly launched an investigation and began mitigation. These actions included invalidating the compromised credentials, scrutinizing activity logs, and informing Cisco Duo about the incident. Furthermore, the provider bolstered its security protocols and pledged to strengthen employee awareness through social engineering training initiatives.

Cisco Duo is a two-factor authentication solution that helps organizations boost security by verifying user identity, establishing device trust, and providing a secure connection to company networks and applications.

Jason Davies

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional, with an interest in computer security and telecoms.
