Cybersecurity vendor Cisco on Monday warned that hackers broke into an unidentified telephony supplier used to send Duo MFA SMS messages and stole log data that could be used in downstream attacks.
According to a customer notice from the Cisco Data Privacy and Incident Response Team, the breach exposed phone numbers, phone carriers, metadata and other logs that could lead to phishing and social engineering attacks.
From the Cisco warning:
“It is our understanding from the [unnamed telephony provider] that a threat actor gained access to the provider’s internal systems, on April 1, 2024, using a Provider employee’s credentials that the threat actor illicitly obtained through a phishing attack and used that access to download a set of MFA SMS message logs pertaining to your Duo account.”
“More specifically, the threat actor downloaded message logs for SMS messages that were sent to certain users under your Duo account between March 1, 2024 and March 31, 2024. The message logs did not contain any message content but did contain the phone number, phone carrier, country, and state to which each message was sent, as well as other metadata (e.g., date and time of the message, type of message, etc.).”
According to Cisco, the breached telephony provider confirmed the threat actor did not download or otherwise access the content of any messages or use their access to send any messages to any of the numbers contained in the message logs.
Cisco said copies of the stolen message logs are available upon request for customers with affected Duo accounts.
“Because the threat actor obtained access to the message logs through a successful social engineering attack on the Provider, please contact your customers with affected users whose phone numbers were contained in the message logs to notify them, without undue delay, of this event and to advise them to be vigilant and report any suspected social engineering attacks to the relevant incident response team or other designated point of contact for such matters, Cisco added.
Related: Cisco to Acquire Duo Security for $2.35 Billion in Cash
Related: Okta Hacked: Employee Used Personal Account on Company Laptop
Related: Cisco Hacked by Ransomware Gang, Data Stolen
Related: High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks