Cisco Duo says a third-party data breach stole MFA SMS logs
techradar.com
Cisco Duo has confirmed some sensitive customer data was stolen after a third-party cyber-incident.
In a breach notification letter sent to affected customers, Cisco Duo said that its telephony provider, which it didn’t name, was compromised on April 1 2024. Unidentified threat actors mounted a phishing attack against the third party, through which they stole login credentials for the company’s systems.
With those login credentials, the attackers downloaded SMS and VoIP MFA message logs associated with specific Duo accounts. The logs were generated in March, it was said.
Smishing incoming
“The message logs did not contain any message content but did contain the phone number, phone carrier, country, and state to which each message was sent, as well as other metadata (e.g., date and time of the message, type of message, etc.),” the message reads.
“The Provider confirmed that the threat actor did not ...
Copyright of this story solely belongs to techradar.com . To see the full text click HERE