Malware
Cisco Duo Alert: Third-Party Data Breach Unveils SMS MFA Logs – Protect Your Privacy Now!
Cisco Duo has warned customers of a third-party data breach that exposed SMS multi-factor authentication (MFA) logs, potentially compromising user security. Learn about the breach, its implications, and how to safeguard your accounts using MFA methods.
Imagine this: you’re using a highly secure multi-factor authentication (MFA) service like Cisco Duo to protect your business, and then you find out that hackers have accessed your VoIP and SMS logs. Sounds like a nightmare, right? Well, that’s precisely what happened to some Cisco Duo customers recently.
What Went Wrong?
Cisco Duo, an MFA and Single Sign-On service used by companies for secure access to their networks and applications, serves over 100,000 customers and handles more than a billion authentications every month. But even this security giant wasn’t immune to a cyberattack on one of its telephony providers.
On April 1, 2024, an unnamed provider responsible for handling Cisco Duo’s SMS and VoIP MFA messages fell victim to a breach. The hackers obtained employee credentials through a phishing attack, gaining access to the provider’s systems and subsequently downloading SMS and VoIP MFA message logs associated with specific Duo accounts between March 1 and March 31, 2024.
What Information Was Compromised?
Thankfully, the hackers didn’t access the content of the messages or use their access to send messages to customers. However, the stolen logs did contain data that could be exploited in targeted phishing attacks to obtain sensitive information, like corporate credentials. This data included employee phone numbers, carrier information, location data, dates, times, and message types.
How Has the Situation Been Handled?
Upon discovering the breach, the affected provider immediately invalidated the compromised credentials, analyzed activity logs, and notified Cisco. They also implemented additional security measures to prevent similar incidents in the future.
Cisco Duo received all of the exposed message logs from the vendor, which customers can request by emailing ms*@du*.com to better understand the breach’s scope, impact, and appropriate defense strategies.
What Should You Do If You’re Impacted?
If you’re one of the customers affected by this breach, it’s crucial to be vigilant against potential SMS phishing or social engineering attacks using the stolen information. Cisco’s Data Privacy and Incident Response Team advises contacting affected users and advising them to be vigilant and report any suspected social engineering attacks.
Additionally, it’s essential to educate your users on the risks posed by social engineering attacks and investigate any suspicious activity.
Not an Isolated Incident
This breach isn’t an isolated event. Last year, the FBI warned that threat actors were increasingly using SMS phishing and voice calls in social engineering attacks to breach corporate networks. In 2022, Uber experienced a similar breach after a threat actor performed an MFA fatigue attack on an employee and then contacted them on WhatsApp, pretending to be IT help desk personnel.
Although Cisco has not disclosed the supplier’s name or the number of customers impacted by this incident, it serves as a stark reminder that no system is entirely immune to cyberattacks. Stay vigilant, educate your users, and always be on the lookout for suspicious activity.
Stay Informed and Protected with Our IT Services
Don’t let your business become another statistic in the ever-growing list of cyberattack victims. Keep coming back to learn more about the latest threats and how to protect your company. And if you need assistance with your cybersecurity strategy, don’t hesitate to contact us – we’re here to help.