Who: Cisco Duo's multifactor authentication (MFA) service experienced a breach through a third-party telephony provider, resulting in compromised SMS and VOIP messaging traffic.
What: Threat actors utilized social engineering tactics to compromise employee credentials of the telephony service provider, gaining unauthorized access to SMS logs of specific users between March 1 and March 31, 2024. While the breach did not expose message content, it compromised phone numbers, carriers, countries, states, and metadata associated with the messages.
Impact: Cisco Duo has advised impacted users to notify affected individuals and remain vigilant against potential phishing attacks using the stolen data. The incident underscores the vulnerability of identity security providers to social engineering attacks and highlights the importance for enterprises to assess their reliance on third-party providers and implement robust mitigating controls to detect and respond to such events.
Read the full article HERE