skip navigation
skip mega-menu

Security Bulletin: Cisco Duo Third-Party Compromise

Summary of Bulletin:

  • On April 16, 2024, Cisco Duo informed affected customers of a breach involving their SMS and VOIP multi-factor authentication (MFA) service provider. 
  • Though the threat actor accessed message logs, they did not obtain message content. The exposed data included phone numbers, carriers, location data, and timestamps, potentially enabling targeted phishing campaigns.
  • We are recommending to customers that they obtain any message logs stolen from Duo if they are impacted, as well as implementing security awareness training.

Subscribe to our newsletter

Sign up here