Run a Free Identity Threat Scan
Free Scan
  1. Home
  2. Data Breaches
  3. Cisco Duo Breach

Cisco Duo Breach

Date: April, 2024

Cisco Duo is an access security provider that offers solutions for small business and commercial control products, including multi-factor authentication (MFA), single sign-on, and access control services. Duo serves over 100k customers globally and hosts over a billion monthly authentications. Duo can serve so many consumers due to their use of third-party suppliers; one of those suppliers, which oversees Duo’s MFA via SMS messages and VOIP, has reported a security incident.

What Was the Breach?

  • Phone Number and Mobile Service Carrier
  • Location Data (Sent From and Destination)
  • Date and Time of Sent Message
  • Message Type (Not Content)

How Did the Breach Occur?

According to the statement published by Duo, the third-party supplier had a system breach following the theft of employee credentials following a phishing attack. The credentials allowed the malicious actor to download message logs and metadata from March 1st, 2024, to March 31st, 2024. The downloaded logs did not contain message content, but the threat actor could use the accessed information to inform further phishing opportunities.

When Did This Breach Occur?

Duo’s statement suggests that the unauthorized party accessed the supplier’s systems around April 1st, 2024. The release does not indicate when or how officials learned of the activity. After learning of the incident, the supplier immediately invalidated the compromised credentials and notified Duo.

Who Does the Breach Impact?

The statement suggests the breach may impact the employees of organizations working with Duo’s MFA and VOIP services. However, a representative spoke with BleepingComputer around April 16th, suggesting that the event may impact 1% of Duo’s clients; that equates to the exposure of around 1,000 employee details.

How Many Files Does the Breach Affect?

It is not yet clear how many files this event may impact. The representative who spoke with BleepingComputer has suggested 1,000 cases; however, there may be more exposures if the threat actor attempts to use the stolen information to breach other systems. Consequently, although the supplier has already invalidated the exposed credentials, now is the time for impacted individuals and organizations to enable higher securities.

Recent Breaches

Progressive Leasing

..

Read More

AT&T Breach

American Telephone and Telegraph Company (AT&T) is the fourth-largest telecommunications provider, behind Verizon, Comcast, and China’s state-funded communications solution...

Read More

Fujitsu Limited Breach

Fujitsu Limited is the world’s sixth-largest IT service provider. Based in the Minato City ward of Tokyo, Japan, Fujitsu offers various technology solutions for personal and commercial use...

Read More

Cybersecurity and Infrastructure Security Agency Breach

The CISA collaborates with other government agencies to notify victims of breaches and respond to threats. These include the Federal Bureau of Investigation, the Multi-State Information Sharing & Analysis...

Read More

Roku Inc. Breach

Roku is a global streaming and entertainment organization. It offers solutions for direct streaming, live channels, music, niche channel entertainment, smart home devices, travel technology, audio options,...

Read More
Free Identity Exposure Scan
Free Identity Exposure Scan
Instantly and Securely Check if Your Personal Information is Exposed on the Dark Web or Sold by Data Brokers
Please enter first name
Please enter last name
Please select a state
Close
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close