// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / Cisco Duo
Breach Record

Cisco Duo

DISCLOSED 2024-04-01 · PHISHING

Cisco Duo's security team warned that a third-party telephony provider suffered a data breach after an employee fell for a phishing attack, leading to the exposure of SMS MFA logs. The compromised data includes phone numbers, carriers, geolocation, and timestamps of messages sent to users. Cisco Duo has notified affected customers and is working with the provider to...

The record

What we know

Disclosed
2024-04-01
Attack vector
Phishing
Sector
cybersecurity
Country
US
Domain
duo.com
Data classes exposed
SMS MFA logsphone numbersphone carriersgeolocationtimestamps
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · no · opinion

The breach originated from a third-party provider's employee falling for a phishing attack, not from an endpoint compromise. A positive-security model on endpoints would not have prevented this external credential theft and subsequent access to logs.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other phishing breaches on file

This page is the permanent ColdRecon entry for the Cisco Duo disclosure. It updates if new public reporting emerges. All tracked breaches →

Cisco Duo just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →