Cisco Duo MFA logs exposed in third-party data breach
Cyber attack on an unnamed supplier for Cisco Duo’s SMS and VOIP multifactor authentication service exposes sensitive customer data used across internal networks and corporate apps
Cisco Duo has warned customers that threat actors recently compromised the internal systems of an unnamed telephony provider, and were able to access a series of SMS logs used for its multi-factor authentication (MFA) service.
Duo is Cisco’s MFA and single sign-on (SSO) platform, acquired in 2018, and is used by organizations to manage access to a wide range of protected systems.
The Cisco Data Privacy and Incident Response Team issued an alert on 15 April 2024, warning customers that the provider it uses to send MFA messages via SMS and voice over internet protocol (VOIP) had been breached.
The attackers were able to access an unnamed third party’s internal systems on 1 April 2024, using employee credentials obtained through a phishing attack, according to the alert.
The threat actor then used this access to download a set of SMS message logs sent to users between 1 March 2024 and 31 March 2024.
Cisco’s notice did not disclose the name of the provider in question, nor did it reveal the number of customers impacted by the incident, but with over 100,000 customers, this incident could impact thousands.
The breached telephone provider confirmed to Cisco the attackers were not able to download or see the content of the messages, but the logs did reveal sensitive information nonetheless.
The data accessed contained users’ phone numbers, carrier information, general location data, as well as the date and time of the message. This information could be used by the attackers to orchestrate a wider social engineering campaign on affected Duo customers, Cisco warned.
Cisco added that the provider supplied it with a copy of the message logs the threat actor obtained, which will be provided to customers upon request.
To request a copy of these message logs, or for any further support, Duo customers should contact msp@duo.com.
Customers should beware of further social engineering attacks
Cisco said the provider launched an investigation into the incident as soon as it became aware of the breach, and implemented a series of mitigation measures.
The first of these steps was to invalidate the affected credentials and analyze activity logs, as well as notifying Cisco of the incident.
The provider also said it would be refreshing its security posture to ensure similar incidents do not happen again, including technical measures to reduce the risk of social engineering attacks compromising an endpoint. It would also be requiring its staff to undergo further social engineering awareness training.
Due to the nature of the data accessed by the threat actors, Cisco’s incident response team advised businesses to contact their customers with a list of who was affected as soon as possible.
Cisco stressed that the information exposed in the breach could be used to orchestrate further social engineering attacks on Duo customers, and that any suspected attacks should be reported to the relevant teams.

Solomon Klappholz is a former staff writer for ITPro and ChannelPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in cybersecurity, IT regulation, industrial infrastructure applications, and machine learning.