Security News > 2024 > April > Cisco Duo provider breached, SMS MFA logs compromised

Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA SMS message logs of Duo customers.

"The threat actor downloaded message logs for SMS messages that were sent to certain users under your Duo account between March 1, 2024 and March 31, 2024," the Cisco Data Privacy and Incident Response Team notified its MSP partners.

"The message logs did not contain any message content but did contain the phone number, phone carrier, country, and state to which each message was sent, as well as other metadata."

The breached provider says the attackers did not use the access to send any messages to any of the numbers contained in the message logs.

The affected provider has shared a copy of the compromised message logs and MSPs can request them from Duo.

"Please contact your customers with affected users whose phone numbers were contained in the message logs to notify them, without undue delay, of this event and to advise them to be vigilant and report any suspected social engineering attacks to the relevant incident response team or other designated point of contact for such matters," the Cisco team advised.

News URL

https://www.helpnetsecurity.com/2024/04/16/duo-compromise-mfa-sms/