Cisco Duo Reports Security Breach: Hackers Steal VoIP and SMS Logs in Multi-Factor Authentication Hack


Cisco Duo recently warned that hackers breached the security of their telephony provider on April 1, 2024, stealing some customers’ VoIP and SMS logs used for multi-factor authentication (MFA) messages. This cyberattack targeted an unnamed provider that handles Cisco Duo’s SMS and VOIP MFA message services.

Cisco Duo, a major multi-factor authentication and Single Sign-On service, serves 100,000 customers and processes over a billion authentications every month. The company discovered the breach after a threat actor obtained employee credentials through a phishing attack and gained access to the telephony provider’s systems. From March 1, 2024, to March 31, 2024, the intruder downloaded SMS and VoIP MFA message logs associated with specific Duo accounts.

The Cisco Duo security team confirmed that the threat actor did not access the contents of the messages or use their access to send messages to customers. However, the stolen message logs still pose a risk as they contain data that could be used in targeted phishing attacks to obtain sensitive information such as corporate credentials. This data includes employee phone numbers, carriers, location data, dates, times, and message types.

After discovering the breach, the affected supplier invalidated the compromised credentials, analyzed activity logs, and notified Cisco Duo. They also implemented additional security measures to prevent future incidents and provided Cisco Duo with the exposed message logs to help understand the breach’s scope, impact, and appropriate defense strategies.

Subsequently, Cisco Duo has alerted customers impacted by this breach to be cautious against potential SMS phishing or social engineering attacks using the stolen information. They have advised affected customers to promptly notify users whose phone numbers were in the message logs and to advise them to report any suspected social engineering attacks.

Moreover, the FBI has previously warned that threat actors increasingly use SMS phishing and voice calls in social engineering attacks to breach corporate networks. In 2022, Uber experienced a breach following a similar attack, where an MFA fatigue attack was followed by a WhatsApp contact attempt, leading to unauthorized access to Uber’s systems.

As of now, Cisco Duo has not disclosed the supplier’s name or the exact number of customers affected by this incident.

About Purple Shield Security

Purple Shield Security stands out from the crowd of cyber security firms. Picture us as the guardians of your digital space, always on the lookout to protect your business from the newest cyber dangers. We’ve got a variety of services to help keep you safe, including Managed Cyber SecurityCyber Security Consulting, Risk Analysis, Defense Services, Incident Response, and even a virtual Chief Information Security Officer (vCISO).

Don’t put off making your business safer. Contact us now to see how Purple Shield Security can upgrade your cyber defenses.