Telephony services supporting Cisco's Duo multifactor authentication (MFA) have fallen victim to a social engineering cyberattack, compromising user data and raising concerns about potential phishing scams targeting affected customers.
Cisco informed users that a third-party provider handling SMS and VOIP messaging for its Duo MFA service was breached on April 1. The attackers gained access using compromised employee credentials, allowing them to download SMS logs for specific users during a defined period. Although Cisco did not disclose the provider's identity, they confirmed that the breached data included phone numbers, carriers, countries, states, and metadata related to SMS messages sent between March 1, 2024, and March 31, 2024.
Impacted users were advised to inform any individuals whose information might have been exposed and to remain vigilant against potential phishing attempts using the stolen data.
According to Jeff Margolies, Chief Product and Strategy Officer at Saviynt, this breach highlights two significant trends: the success of social engineering cyberattacks and the targeting of identity security providers.
Margolies emphasized the critical need for identity security providers to enhance their systems' security measures. He also stressed the importance for enterprises to evaluate their reliance on third-party identity security providers, understand the potential impact of such breaches on their cybersecurity posture, and implement appropriate controls to detect and respond to security incidents involving these providers.