Cisco Duo has confirmed some sensitive customer data was stolen after a third-party cyber-incident.
In a breach notification letter sent to affected customers, Cisco Duo said that its telephony provider, which it didn’t name, was compromised on April 1 2024. Unidentified threat actors mounted a phishing attack against the third party, through which they stole login credentials for the company’s systems.
With those login credentials, the attackers downloaded SMS and VoIP MFA message logs associated with specific Duo accounts. The logs were generated in March, it was said.
Smishing incoming
“The message logs did not contain any message content but did contain the phone number, phone carrier, country, and state to which each message was sent, as well as other metadata (e.g., date and time of the message, type of message, etc.),” the message reads.
“The Provider confirmed that the threat actor did not download or otherwise access the content of any messages or use their access to the Provider’s internal systems to send any messages to any of the numbers contained in the message logs.”
Obtaining phone numbers and other metadata is probably enough to run social engineering attacks such as phishing, or even engage in identity theft. Cisco warned its customers to be wary of any incoming SMS messages. “Please also consider educating your users on the risks posed by social engineering attacks and investigating any suspicious activity.”
When the victim company discovered the incident, they invalidated the compromised credentials and pinged Cisco about what had happened. They then implemented “additional technical measures” to prevent similar incidents in the future, as well as to mitigate the damage done by this attack.
Cisco Duo has more than 100,000 customers and processes more than a billion authentications every month. It has more than 10 million downloads on Google Play.
Via BleepingComputer