A recent bulletin from Broadcom highlights an important warning for users of Cisco’s Duo multi-factor authentication (MFA) service. Following a supply chain breach, there’s a heightened risk of phishing attacks targeting Duo users.
Cisco Duo Users Affected by Supply Chain Breach
Attention Cisco Duo Users
A recent bulletin fromBroadcomhighlights an important warning for usersof Cisco’s Duo multi-factor authentication (MFA) service. Following a supplychain breach, there’s a heightened risk of phishing attacks targeting Duo users.
According to the bulletin, the breach occurred at one of Duo’s SMS and VIoIP telephony service providers on April 1, 2024. An unknown actor employed aphishingtechnique to gain access to credentials, subsequently stealing metadata and logs for messages sent by some Duo account users in March 2024.
While the stolen data doesn’t include credentials or message contents,it does contain sensitive information like phone numbers, carrier, dateand time, location, and message type. This data could be leveraged byattackersto craft more convincing phishing attempts, putting affectedusers at greater risk.
Thisbreachunderscores the ongoing interest attackers have in targetingMFA service providers. It also highlights the shared supply chainrisksassociated with relying on third-party providers forsoftware,hardware,or services.
Stay vigilant, stay informed, and take necessary precautions to safeguardyour accounts and sensitive information. Your cybersecurity is paramount.