Third-party breach hits MFA authenticator Cisco Duo

Cisco Duo has warned customers that a threat actor gained access to its vendor systems and obtained a set of MFA SMS logs pertaining to customer accounts.

The company did not disclose the name of the breached telephony provider Duo uses to “send multifactor authentication (MFA) messages via SMS and VOIP to its customers.”

Yet, they stated that the threat actor “gained access to the Provider’s internal systems on April 1st, 2024, using a Provider employee’s credentials that the threat actor illicitly obtained through a phishing attack,” the notification email reads.

These credentials were then used to access and download a set of multi-factor authentication (MFA) SMS messages from certain Duo accounts.

While the logs didn’t contain “any message content,” they did contain some sensitive information.

This information includes:

  • Phone numbers
  • Phone carriers
  • Countries
  • States
  • Other metadata (dates and time of the message and types of messages)

The notification letter claims that “The Provider” confirmed that the threat actor didn’t download or access any messages or exploit their access to internal systems to send any messages to the affected phone numbers.

Upon discovery, the third-party vendor began investigating the incident and “implemented mitigation measures,” which included “invalidating the employee's credentials, analyzing activity logs, and notifying Cisco of the incident.”

Cisco Duo’s vendor has provided the company with copies of the message logs relevant to affected Duo accounts obtained by the threat actor. Affected individuals can receive copies of these logs, the company said.

Cisco Duo is a two-factor authentication solution company that allows organizations to access company networks and applications securely.

As Cisco Duo is a service used by corporations, the notice urges their clients to “contact (your) customers with affected users whose phone numbers were contained in the message logs.”

The company urges those affected by the breach to remain vigilant and report “suspected social engineering attacks to the relevant incident response team or designated point of contact.”

Cisco Duo claims to serve 100,000 customers globally and manages 1 billion monthly authentication users.

More from Cybernews:

Apple revokes Game Boy emulator from the App Store

Musk’s Tesla lays off 10% of its workforce

OpenAI confirms first Asia office in Tokyo

SCOPE and iDenfy unite for AI-powered fraud prevention

Hacker claims Giant Tiger breach

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked