Cisco Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication (MFA) messages in a cyberattack on their telephony provider.
Cisco Duo is a multi-factor authentication and Single Sign-On service used by corporations to provide secure access to internal networks and corporate applications.
Duo's homepage
reports that it serves 100,000 customers and handles over a billion authentications monthly, with over 10,000,000 downloads
on Google Play.
In emails sent to customers, Cisco Duo says an unnamed provider who handles the company's SMS and VOIP multi-factor authentication (MFA) messages was compromised on April 1, 2024.
The notice explains that a threat actor obtained employee credentials through a phishing attack and then used those credentials to gain access to the telephony provider's systems.
The intruder then downloaded SMS and VoIP MFA message logs associated with specific Duo accounts between March 1, 2024, and March 31, 2024.
"We are writing to inform you of an incident involving one of our Duo telephony suppliers (the "Provider") that Duo uses to send multifactor authentication (MFA) messages via SMS and VOIP to its customers," reads the
notice sent to impacted customers.
