16 April 2024

Cisco Duo issues warning after third-party data breach exposes MFA logs


Cisco Duo, a multi-factor authentication (MFA) and Single Sign-On service provider, has warned its customers about a third-party data breach, which exposed SMS and VoIP MFA message logs.

The data breach, which occurred on April 1, 2024, was the result of a cyberattack on one of Cisco Duo's telephony providers.

According to an email sent to customers, threat actors obtained employee credentials through a phishing attack and gained unauthorized access to the systems of the telephony provider responsible for handling Cisco Duo's SMS and VoIP MFA messages.

During the breach, the attackers managed to download MFA message logs associated with specific Cisco Duo accounts. The compromised logs, covering the period between March 1, 2024, and March 31, 2024, contained sensitive metadata such as phone numbers, phone carriers, countries, states, and timestamps of the messages. The logs did not include the content of the messages themselves, the company noted.

Once the breach was discovered, the affected telephony provider launched an investigation and implemented various mitigation measures, including invalidating the compromised employee credentials, analyzing activity logs, and promptly informing Cisco Duo of the incident.

Additionally, the provider has taken steps to prevent similar breaches in the future.

