Cisco Duos Multifactor Authentication Service Breached

A third-party telephony service provider for Cisco Duo falls prey to social engineering, and the company advises customer vigilance against subsequent phishing attacks.

A third-party provider that handles telephony for Ciscos Duo multifactor authentication (MFA) service has been compromised by a social engineering cyberattack. Now Cisco Duo customers have been warned to be on alert for follow-on phishing schemes.
Customers were sent a notice explaining that the company handling SMS and VOIP multifactor authentication messaging traffic for Cisco Duo was breached on April 1. The threat actors reportedly used compromised employee credentials. Once inside the service providers systems, the unauthorized user downloaded SMS logs for specific users within a certain timeframe, the company said.
Cisco Duo did not identify the compromised telephony provider in its advisory.
More specifically, the threat actor downloaded message logs for SMS messages that were sent to certain users under your Duo account between March 1, 2024 and March 31, 2024, Cisco said in its
customer advisory
. The message logs did not contain any message content but did contain the phone number, phone carrier, country, and state to which each message was sent, as well as other metadata (e.g., date and time of the message, type of message, etc.).
Cisco advised impacted users to notify anyone whose information was exposed, and to remain vigilant against additional phishing attacks using the stolen data.
This breach follows two specific trends, according to Jeff Margolies, chief product and strategy officer at Saviynt —
social engineering cyberattack success
, and a focus on identity security providers.
“There have been a number of public attacks on
identity security
providers, such as
Okta
and
Microsoft
, over the past few years, Margolies says. You can also go back as far as the RSA SecurID Token attack back in 2011 to see how far back these sorts of attacks go.
In addition to the critical need for identity security providers to do more to secure their systems, Margolies adds enterprise teams need to assess what a breach of these services could mean to their own cybersecurity posture.
It is also important for companies to understand the reliance they have on third-party identity security companies, how an attack on those companies would impact them, and what mitigating controls are in place to detect and respond to events with their Identity security providers, he explains.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Cisco Duos Multifactor Authentication Service Breached