Third-Party Breach Exposes Cisco Duo MFA Data

A third-party company responsible for the telecommunication services used in Cisco Duo’s multi-factor authentication (MFA) system was subjected to a cyberattack employing social engineering tactics. Consequently, Cisco has urged its clients to exercise extreme caution and vigilance regarding potential phishing scams.

Users were notified that the organization handling SMS transmission for Cisco Duo was compromised on April 1st. It was revealed that attackers utilized credentials stolen from the employees of the service provider. Having gained access to its systems, they downloaded logs of SMS messages sent to certain Duo users from March 1st to March 31st, 2024.

Cisco Duo has not disclosed the name of the breached partner. However, representatives explained that the downloaded logs contained information about phone numbers, telecommunications operators, countries, and regions to which messages were sent, along with other metadata including dates, times, and types of messages. The content of the texts themselves was not stolen.

This incident highlights two concerning trends: the success of cyberattacks based on social engineering and the increasing scrutiny of identity service providers. Jeff Margolis, the Chief Product and Strategy Officer at Saviynt, noted that there have been several high-profile breaches of such services as Okta and Microsoft in recent years.

He emphasized that providers urgently need to implement more effective protective measures for their systems. It is also crucial that they carefully evaluate how possible attacks on their partners could affect their own cybersecurity.