Cisco Duo is an access security provider that offers solutions for small business and commercial customers, including multi-factor authentication (MFA), single sign-on, and access control services. Duo serves over 100k customers globally and hosts over a billion monthly authentications. Duo can serve so many customers because of its use of third-party suppliers; one of those suppliers, which oversees Duo’s MFA via SMS messages and VOIP, has reported a security incident.
According to the statement published by Duo, the third-party supplier's systems were breached after employee credentials were stolen in a phishing attack. The credentials allowed the malicious actor to download message logs and metadata from March 1st, 2024, to March 31st, 2024. The downloaded logs did not contain message content, but the threat actor could use the accessed information to inform further phishing attempts.
Duo’s statement suggests that the unauthorized party accessed the supplier’s systems around April 1st, 2024. The release does not indicate when or how officials learned of the activity. After learning of the incident, the supplier immediately invalidated the compromised credentials and notified Duo.
The statement suggests the breach may impact the employees of organizations working with Duo’s MFA and VOIP services. However, a representative who spoke with BleepingComputer around April 16th suggested that the event may impact 1% of Duo’s clients; that equates to the exposure of around 1,000 employee details.
It is not yet clear how many files this event may impact. The representative who spoke with BleepingComputer has suggested 1,000 cases; however, there may be more exposures if the threat actor attempts to use the stolen information to breach other systems. Consequently, although the supplier has already invalidated the exposed credentials, now is the time for impacted individuals and organizations to strengthen their security measures.