On April 1, 2024, hackers gained unauthorized access to a telephony provider servicing Duo, a Cisco-owned security firm, leading to the theft of multi-factor authentication (MFA) SMS logs.

The breach was the result of compromised employee credentials, exposing logs from March 1-31, 2024, including phone numbers, carriers, and other SMS metadata, but not the content of the messages themselves.

Though message contents were not revealed, the data stolen could facilitate spear-phishing campaigns targeting Duo's customers.

Cisco has issued guidance to Managed Service Providers (MSPs) to alert affected individuals and to provide education on social engineering threats.

The incident highlights the larger implications of security breaches in identity and access management firms, affecting both the providers and their clients.

Customers have been warned to be on high alert for phishing attempts using the compromised information, following Cisco's own experience with a similar breach in 2022.