Cisco Duo, a multi-factor authentication (MFA) service provider, recently issued a security alert to its customers regarding a data breach at a third-party telephony supplier. The breach compromised SMS and Voice over IP (VoIP) logs associated with MFA messages sent between March 1 and March 31, 2024.
What Happened?
According to Cisco Duo’s notification, hackers gained access to the telephony supplier’s internal systems through a phishing attack on April 1, 2024. They then exploited stolen employee credentials to download logs containing data related to MFA messages sent to Duo users during the aforementioned one-month period.
What Information Was Exposed?
While the message content itself was not compromised, the exposed logs contained sensitive metadata such as:
- Phone numbers used for MFA verification
- Mobile carrier information
- User locations associated with phone numbers
- Timestamps of MFA attempts
What Does This Mean for Duo Users?
The exposed information could potentially be used by attackers in social engineering attempts in an effort to gain unauthorized access to user accounts. Duo recommends that users be vigilant against suspicious calls, texts, or emails, and to never share one-time MFA codes with anyone.
What Steps Should Users Take?
Duo advises users to consider the following precautionary measures:
- Be wary of unsolicited contact: Remain cautious of any calls, texts, or emails requesting personal information or MFA codes, even if they appear to come from a legitimate source.
- Enable additional security features: If available, consider enabling additional security features on your accounts, such as security questions or biometrics, to further strengthen your login protection.
- Report suspicious activity: If you suspect any unauthorized access attempts on your accounts, report them immediately to Duo and the affected accounts.
Duo’s Response
Cisco Duo is actively investigating the incident and working with the affected telephony supplier to enhance security measures. They are also contacting impacted customers and providing them with further guidance and support.
The Importance of MFA Security
While this incident highlights the potential vulnerabilities associated with SMS and VoIP-based MFA, it doesn’t negate the overall importance of multi-factor authentication as a security layer. Duo emphasizes that MFA remains a critical security measure, and recommends users continue utilizing it along with strong password practices.
