Cisco Duo Customers Warned of Compromised Telephony Provider and Phishing Risks

In a recent cyberattack that has sent shockwaves through the cybersecurity world, a third-party provider handling telephony services for Cisco’s Duo multifactor authentication (MFA) has been compromised. The breach, which occurred on April 1, has left Cisco Duo customers vulnerable to potential follow-on phishing schemes.

The breach was discovered when threat actors gained access to the service provider’s systems using compromised employee credentials. The unauthorized user then proceeded to download SMS logs for specific users within a limited timeframe. While the compromised telephony provider has not been disclosed by Cisco Duo, the company has notified affected customers about the security incident.

According to Cisco’s customer advisory, the downloaded message logs did not contain message content but did include phone numbers, phone carriers, countries, states, and other metadata for SMS messages sent between March 1, 2024, and March 31, 2024. Impacted users have been advised to inform individuals whose information was exposed and to remain vigilant against potential phishing attacks utilizing the stolen data.

This breach underscores the increasing prevalence of social engineering cyberattack success and the heightened focus on identity security providers. Jeff Margolies, chief product and strategy officer at Saviynt, highlights the need for identity security providers to bolster their defenses and for enterprises to assess the impact of such breaches on their cybersecurity posture. Companies must understand their reliance on third-party identity security providers, anticipate potential risks, and implement effective controls to detect and respond to security events promptly.