Security News > 2024 > April > Cisco Duo warns third-party data breach exposed SMS MFA logs

Cisco Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication messages in a cyberattack on their telephony provider.

In emails sent to customers, Cisco Duo says an unnamed provider who handles the company's SMS and VOIP multi-factor authentication messages was compromised on April 1, 2024.

The intruder then downloaded SMS and VoIP MFA message logs associated with specific Duo accounts between March 1, 2024, and March 31, 2024.

"We are writing to inform you of an incident involving one of our Duo telephony suppliers that Duo uses to send multifactor authentication messages via SMS and VOIP to its customers," reads the notice sent to impacted customers.

Cisco also warns customers impacted by this breach to be vigilant against potential SMS phishing or social engineering attacks using the stolen information.

"Because the threat actor obtained access to the message logs through a successful social engineering attack on the Provider, please contact your customers with affected users whose phone numbers were contained in the message logs to notify them, without undue delay, of this event and to advise them to be vigilant and report any suspected social engineering attacks to the relevant incident response team or other designated point of contact for such matters," concludes the notification from Cisco's Data Privacy and Incident Response Team.

News URL

https://www.bleepingcomputer.com/news/security/cisco-duo-warns-third-party-data-breach-exposed-sms-mfa-logs/