Cisco Duo Identify Data Breach
Share this:
In a security breach of a third-party vendor, phone numbers and other data belonging to users of Cisco Duo’s identity authentication service have been stolen.
The Cisco’s service has over 100,000 customers whose users make more than a billion authentication requests each month.
In an email to affected customers, Cisco’s data privacy and incident response team said a threat actor gained access on April 1 to the internal systems of a telephony company Duo uses to send MFA messages via SMS and automated voice calls.
The breach enabled the threat actor to download logs of SMS messages sent to certain users between March 1 and March 31.
The message logs did not contain any message content but did contain the phone number, phone carrier, country, and state to which each message was sent, as well as other metadata (e.g., date and time of the message, type of message, etc.).
The breach occurred following a successful phishing attack against an employee who worked for the third-party telephony company, which Cisco did not name in the email.
However, Cisco did say that the third-party provider’s investigation into the breach confirmed the hackers did not send any messages to any of the phone numbers in the logs.
Following this incident, the provider started implementing measures to prevent similar incidents from occurring in the future and additional technical measures to further mitigate the risk associated with social-engineering attacks.”
As per the tech experts, social engineering and phishing were involved in 70% to 90% of successful cyberattacks. Despite that fact, almost no company spends even 5% of their security budget to fight it.
