---
title: "Rise in 3rd party risks and the security challenges, a wakeup call?"
id: "3986"
type: "post"
slug: "rise-in-3rd-party-risks-and-the-security-challenges-a-wakeup-call"
published_at: "2024-05-27T05:32:42+00:00"
modified_at: "2026-07-03T12:31:09+00:00"
url: "https://www.kitecyber.com/rise-in-3rd-party-risks-and-the-security-challenges-a-wakeup-call/"
markdown_url: "https://www.kitecyber.com/rise-in-3rd-party-risks-and-the-security-challenges-a-wakeup-call.md"
excerpt: "Table Of Content The Incident What Was Compromised? Potential Risks But Leaked Logs are Harmless, Right? Response and Mitigation Conclusion […]"
taxonomy_category:
  - "SaaS App Sprawl"
  - "Secure Web Gateways"
---

Table Of Content

      - [The Incident](#the-incident)
- [What Was Compromised?](#what-was-compromised)
- [Potential Risks](#potential-risks)
- [But Leaked Logs are Harmless, Right?](#but-leaked-logs-are-harmless-right)
- [Response and Mitigation](#response-and-mitigation)
- [Conclusion](#conclusion)

   Related Posts

## [Securing AI Agents on Endpoint Devices: Closing the New Security Blind Spot](https://www.kitecyber.com/securing-ai-agents-on-endpoint-devices-closing-the-new-security-blind-spot/)

## [Mapping the OWASP LLM Top 10 to Endpoint AI Agent Security Controls](https://www.kitecyber.com/mapping-the-owasp-llm-top-10-to-endpoint-ai-agent-security-controls/)

## [How to Secure Employee Use of GenAI: The Complete Guide (2026)](https://www.kitecyber.com/how-to-secure-employee-use-of-genai-the-complete-guide-2026/)

Table Of Content

      - [The Incident](#the-incident)
- [What Was Compromised?](#what-was-compromised)
- [Potential Risks](#potential-risks)
- [But Leaked Logs are Harmless, Right?](#but-leaked-logs-are-harmless-right)
- [Response and Mitigation](#response-and-mitigation)
- [Conclusion](#conclusion)

[ZTNA](https://www.kitecyber.com/ztna/)
[User Identity Theft](https://www.kitecyber.com/user-identity-theft/)
[Snowflake marketplace cybersecurity](https://www.kitecyber.com/snowflake-marketplace-cybersecurity/)
[Snowflake incident](https://www.kitecyber.com/snowflake-marketplace-cybersecurity/snowflake-incident/)
[Snowflake](https://www.kitecyber.com/snowflake-marketplace-cybersecurity/snowflake/)
[Sensitive Data Theft](https://www.kitecyber.com/sensitive-data-theft/)
[Secure Web Gateways](https://www.kitecyber.com/swg/)
[SaaS App Sprawl](https://www.kitecyber.com/saas-app-sprawl/)
[Private Access VPN](https://www.kitecyber.com/private-access-vpn/)
[Private Access Solution](https://www.kitecyber.com/private-access-solution/)

# Rise in 3rd party risks and the security challenges, a wakeup call?

- May 27, 2024
- [Srikanth Chavali](https://www.kitecyber.com/author/shrikant/)

[https://kitecyber.com/wp-content/uploads/2025/04/Featured-image-Rise-in-3rd-party-risks-and-the-security-challenges.png.webp](https://kitecyber.com/wp-content/uploads/2025/04/Featured-image-Rise-in-3rd-party-risks-and-the-security-challenges.png.webp)

**Summary:** In mid-April 2024, Cisco Duo, a leading provider of multi-factor authentication (MFA) and single sign-on solutions, disclosed a security breach involving one of its third-party telephony providers. This provider is responsible for managing SMS and VoIP services crucial to Duo's MFA system.

## Ready to take your security to next level and protect from cyber attacks?

[Try 14 days free trial](https://www.kitecyber.com/free-trial-subscription/)

In mid-April 2024, Cisco Duo, a leading provider of multi-factor authentication (MFA) and single sign-on solutions, disclosed a security breach involving one of its third-party telephony providers. This provider is responsible for managing SMS and VoIP services crucial to Duo’s MFA system.

## The Incident

On April 1, 2024, an attacker successfully executed a [phishing](https://www.kitecyber.com/glossary/phishing-2/)
 campaign against then telephony provider, resulting in the acquisition of employee credentials. Armed with these credentials, the attacker infiltrated the provider’s systems and accessed logs of SMS and VoIP MFA messages sent to specific Duo accounts during March 2024.

## What Was Compromised?

Although the actual content of the MFA messages remained secure, the attacker managed to extract metadata from the logs. This metadata included sensitive information such as:

- Phone numbers
- Carrier details
- Geographic locations
- Dates and times of messages
- Types of messages

## Potential Risks

The compromised metadata poses significant risks, primarily due to its potential use in targeted [phishing](https://www.kitecyber.com/glossary/phishing-2/)
 or social engineering attacks. With detailed information about Duo users, attackers could craft highly convincing [phishing](https://www.kitecyber.com/glossary/phishing-2/)
 schemes to deceive users into divulging even more sensitive information.

## But Leaked Logs are Harmless, Right?

Not quite. According to [Cloudflare](https://www.cloudflare.com/learning/privacy/what-is-pii/)
, mobile numbers are consideredPersonally Identifiable Information (PII). While it’s unclear whether this breach will attract penalties from regulatory authorities, it’s important to note that threat actors can potentially exploit this data.A prime example is the “Scattered Spider” group, which was coincidentally tracked by Kitecyber researchers. This notorious threat actor is infamous for creating phishing pages and targeting users with malicious text messages. [[You can learn more here](https://www.kitecyber.com/scattered-spider-continues-to-target-publicly-listed-us-companies/)
]. This breach could potentially place unsuspecting users in harm’s way, exposing them to sophisticated [phishing](https://www.kitecyber.com/glossary/phishing-2/)
 attacks and other forms of cyber exploitation.

## Response and Mitigation

Upon detecting the breach, the telephony provider promptly invalidated the stolen credentials and reinforced their security protocols. Cisco Duo was notified and subsequently informed the affected customers, urging them to be extra vigilant against possible [phishing](https://www.kitecyber.com/glossary/phishing-2/)
 attempts leveraging the exposed metadata. Cisco rightly emphasized the importance of user education on recognizing social engineering tactics and recommended considering more secure MFA methods beyond SMS and voice-based systems.

## Conclusion

This breach serves as a stark reminder of the complexities and risks inherent in digital security, further compounded by the interdependence of third and fourth-party providers within the digital infrastructure.

The choices are clear: rely on user education and hope for the best, or implement a robust security layer as part of a comprehensive defense-in-depth strategy. Don’t leave your security to chance. If you’re interested in strengthening your defenses against this ongoing threat, talk to us to learn more about adding this crucial security layer.

Visit our product website to learn more, schedule a demo, or sign up for a free 14-day trial: [App Shield](https://www.kitecyber.com/product/app-shield/)

[https://www.kitecyber.com/author/shrikant/](https://www.kitecyber.com/author/shrikant/)

[Srikanth Chavali](https://www.kitecyber.com/?author=5)

With over a decade of experience steering cybersecurity initiatives, my core competencies lie in network architecture and security, essential in today's digital landscape. At Kitecyber, our mission resonates with my quest to tackle first-order cybersecurity challenges. My commitment to innovation and excellence, coupled with a strategic mindset, empowers our team to safeguard our industry's future against emerging threats. Since co-founding Kitecyber, my focus has been on assembling a team of adept security researchers to address critical vulnerabilities and enhance our network and user security measures. Utilizing my expertise in the Internet Protocol Suite (TCP/IP) and Cybersecurity, we've championed the development of robust solutions to strengthen cyber defenses and operations.

[mailto:skc@kitecyber.com](mailto:skc@kitecyber.com)
[https://www.kitecyber.com/](https://www.kitecyber.com/)

Posts: 65

[https://www.kitecyber.com/author/shrikant/](https://www.kitecyber.com/author/shrikant/)

[Srikanth Chavali](https://www.kitecyber.com/?author=5)

With over a decade of experience steering cybersecurity initiatives, my core competencies lie in network architecture and security, essential in today's digital landscape. At Kitecyber, our mission resonates with my quest to tackle first-order cybersecurity challenges. My commitment to innovation and excellence, coupled with a strategic mindset, empowers our team to safeguard our industry's future against emerging threats. Since co-founding Kitecyber, my focus has been on assembling a team of adept security researchers to address critical vulnerabilities and enhance our network and user security measures. Utilizing my expertise in the Internet Protocol Suite (TCP/IP) and Cybersecurity, we've championed the development of robust solutions to strengthen cyber defenses and operations.

[mailto:skc@kitecyber.com](mailto:skc@kitecyber.com)
[https://www.kitecyber.com/](https://www.kitecyber.com/)

Posts: 65

Related Posts

## [Securing AI Agents on Endpoint Devices: Closing the New Security Blind Spot](https://www.kitecyber.com/securing-ai-agents-on-endpoint-devices-closing-the-new-security-blind-spot/)

## [Mapping the OWASP LLM Top 10 to Endpoint AI Agent Security Controls](https://www.kitecyber.com/mapping-the-owasp-llm-top-10-to-endpoint-ai-agent-security-controls/)

## [How to Secure Employee Use of GenAI: The Complete Guide (2026)](https://www.kitecyber.com/how-to-secure-employee-use-of-genai-the-complete-guide-2026/)
