Third-party breach exposes Cisco Duo MFA codes

A recent cyberattack targeting an undisclosed telecommunications provider has put approximately 1,000 enterprise customers of Cisco Duo at risk, according to a report from Cisco’s Data Privacy and Incident Response Team. The incident, which occurred on April 1, involved a phishing attack that allowed the attacker to access and steal records of SMS MFA messages sent between March 1 and March 31. Cisco Duo, a provider of multi-factor authentication and single sign-on services, was acquired by Cisco for $2.35 billion in 2018 and currently serves over 100,000 customers worldwide.

The breach exposed sensitive information such as phone numbers, carrier details, geographic data, and message transmission logs. The attacker did not use this information to send any messages to the affected numbers, according to Cisco. The vendor responsible for sending Duo MFA messages, whose identity was not disclosed by Cisco, took immediate action upon discovering the breach. This included invalidating the compromised employee’s credentials, conducting a thorough investigation, and notifying Cisco and affected customers.

In response to the incident, Cisco reassured customers that it is actively working with the vendor to investigate and address the breach. Affected customers have been informed of the breach through established communication channels. The telecommunications provider has also implemented measures to prevent and mitigate the risk of similar social engineering attacks in the future.

This latest breach targeting MFA and single sign-on providers is part of a concerning trend in the cybersecurity landscape. In 2022, an attack on Twilio, an identity authentication provider, compromised the data of more than 160 customers. Similarly, Okta, another prominent provider of authentication services, faced multiple breaches and a series of attacks throughout 2022 and 2023. One notable incident in September 2023 involved a breach of Okta’s support portal that impacted all customers within the company’s customer service system.

In conclusion, the recent attack on a telecommunications provider has put Cisco Duo customers at risk and highlighted the ongoing threats faced by MFA and single sign-on providers. As cybercriminals continue to target these services, it is crucial for organizations to remain vigilant and prioritize cybersecurity measures to protect sensitive data and prevent unauthorized access. Cisco and the telecommunications provider are working together to address the breach and mitigate any potential risks to affected customers.

Article Source
https://www.cybersecuritydive.com/news/cisco-duo-mfa-exposed-third-party/713377/