Credential theft
Cisco WebEx AWS IAM User Compromise
Incident Details
Cisco disclosed in February 2021 that unauthorized actors had compromised AWS IAM credentials associated with the Cisco WebEx Teams video conferencing service. The attackers maintained access from approximately September 2020 through discovery in early 2021, a dwell time of approximately five months. The incident was attributed to the use of long-lived IAM user credentials rather than role-based temporary credentials. Cisco took remediation steps including rotating all affected credentials and implementing enhanced monitoring. The extended dwell time highlighted the difficulty of detecting credential-based attacks that use legitimate access patterns.
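The root cause named above, long-lived IAM user keys, can be audited from the IAM credential report. The following is an added example, not part of the original record or Cisco's tooling: it flags active access keys older than an assumed 90-day rotation policy. The sample rows, account ID, audit date and function names are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # assumed rotation policy, not a figure from the incident
AS_OF = datetime(2021, 2, 10, tzinfo=timezone.utc)  # constructed audit date

# Constructed rows using column names from the IAM credential report CSV
# (trimmed to the access-key columns this check reads).
SAMPLE_REPORT = """\
user,arn,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
svc-deploy,arn:aws:iam::111122223333:user/svc-deploy,true,2019-03-01T00:00:00+00:00,2021-01-30T08:15:00+00:00,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2021-01-05T00:00:00+00:00,2021-02-01T12:00:00+00:00,true,2020-02-01T00:00:00+00:00,N/A
break-glass,arn:aws:iam::111122223333:user/break-glass,false,N/A,N/A,false,N/A,N/A
"""

def parse_ts(value):
    """Return an aware datetime, or None for the report's 'N/A' style fields."""
    if value in ("", "N/A", "no_information"):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def find_long_lived_keys(report_csv, now=AS_OF, max_age_days=MAX_KEY_AGE_DAYS):
    """List active access keys whose last rotation is older than max_age_days."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row.get(f"access_key_{slot}_active") != "true":
                continue  # inactive or absent keys are not usable by an attacker
            rotated = parse_ts(row.get(f"access_key_{slot}_last_rotated", "N/A"))
            if rotated is None:
                continue
            age_days = (now - rotated).days
            if age_days > max_age_days:
                last_used = parse_ts(row.get(f"access_key_{slot}_last_used_date", "N/A"))
                findings.append({
                    "user": row["user"],
                    "key_slot": slot,
                    "age_days": age_days,
                    # An old active key that was never used is pure exposure.
                    "never_used": last_used is None,
                })
    return sorted(findings, key=lambda f: f["age_days"], reverse=True)

if __name__ == "__main__":
    for finding in find_long_lived_keys(SAMPLE_REPORT):
        print(finding)
```

Keys this check reports are candidates for deletion or for replacement with role-based temporary credentials, the alternative the incident summary names.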
Technical Details
- Initial Attack Vector: Attackers compromised AWS IAM user credentials associated with Cisco WebEx's infrastructure, gaining access to Cisco's cloud environment and exfiltrating data before the intrusion was detected
- Vendor / Product: Amazon Web Services (IAM); Cisco WebEx
Timeline
- 2020-09-24 Breach occurred
- 2021-02-10 Publicly disclosed
- 2021-02-10 Customers notified