Cisco Duo Data Breach Exposes User MFA Information

Cisco Duo’s security team has alerted customers to a cyberattack that occurred between March 1 and 31, 2024, compromising VoIP and SMS logs and possibly exposing sensitive details used for multi-factor authentication (MFA) messages. The breach, which happened through its telephony provider, underscores the threat cybercriminals pose to communication channels vital for security measures. Specific, possibly compromised data include phone numbers, carriers, and timestamps, which could be used in targeted phishing attacks.