Hacker Stole Cisco Customer Data in Voice Phishing Scam

Summary
– A cybercriminal used voice phishing to trick a Cisco representative into granting access, which was then used to steal user data from Cisco.com.
– The breach, discovered on July 24, involved basic profile information stolen from a third-party CRM system.
– Compromised data included names, addresses, email addresses, phone numbers, and account-related metadata.
– Cisco did not disclose the number of affected users or provide further details when questioned.
– The incident may be part of a broader trend targeting Salesforce data, as seen in attacks on companies like Allianz Life and Qantas.

A sophisticated voice phishing attack compromised Cisco’s customer data after hackers manipulated an employee into granting unauthorized access. The company confirmed the security breach this week, revealing that cybercriminals exported sensitive user information from a third-party cloud CRM system.
Cisco detected the intrusion on July 24, attributing it to a vishing (voice phishing) scam in which attackers impersonated legitimate personnel. The stolen records contained names, organizational details, physical addresses, email addresses, phone numbers, and account metadata such as registration dates. While the exact number of affected users remains undisclosed, the breach exposed critical profile data tied to Cisco.com accounts.
Security analysts have observed a troubling pattern of similar attacks targeting Salesforce CRM platforms, which Cisco reportedly uses. High-profile victims include Allianz Life, Tiffany & Co., and Qantas Airways, suggesting a broader campaign against corporate databases. The attackers’ ability to bypass authentication through social engineering highlights the growing threat of voice-based deception tactics in cybersecurity.
Cisco has not yet clarified whether multi-factor authentication was in place or how the breach bypassed existing safeguards. The incident underscores the need for enhanced employee training and stricter verification protocols to combat increasingly sophisticated phishing schemes. As investigations continue, customers are advised to monitor their accounts for suspicious activity.
(Source: TechCrunch)

