Skip to main content

RSA Hacked, SecurID a Little Less Secure Now

Many corporations rely on RSA's SecurID as part of its data security solution. Even the U.S. Department of Defense uses EMC's RSA SecurID technology.

In a somewhat frightening development, EMC has revealed that it's been hacked. Those using the RSA authentication technology need not go into a full panic just yet, as EMC doesn't believe that the information stolen creates a full hole.

Art Coviello, Executive Chairman of RSA, wrote in an open letter to customers:

Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations. We have no evidence that customer security related to other RSA products has been similarly impacted. We are also confident that no other EMC products were impacted by this attack. It is important to note that we do not believe that either customer or employee personally identifiable information was compromised as a result of this incident.

Read his full letter here.