Cisco Duo security reports third-party data breach exposing SMS MFA logs

Cisco is reporting a compromise of a third-party telephony service provider for Cisco's Duo multifactor authentication (MFA) service. The breach was facilitated by compromised employee credentials obtained through a phishing attack.

The attack resulted in unauthorized access to the service provider's systems, where SMS and VoIP MFA message logs were downloaded for a period between March 1, 2024, and March 31, 2024. These logs included phone numbers, carriers, locations, and other metadata, but not the contents of the messages themselves.

Cisco Duo is working closely with the affected provider to investigate and address the security breach. No details are disclosed about the number of affected phone numbers in this breach.

Cisco has issued a notice to its customers advising them of the breach and the potential risks associated with it. Customers have been urged to notify anyone whose information was exposed and to be vigilant against possible phishing schemes that might use the stolen data.