RSA SecurID Info Swiped Via Sophisticated Hack Attack
EMC issued a warning today that hackers have stolen information about its RSA SecurID two-factor authentication that could be used by cybercriminals to more easily breach customers’ systems.
In an open letter, RSA executive chairman Art Coviello revealed that the information was stolen via an APT (advanced persistent threat) attack. “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, [it] could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack,” he wrote.
RSA is a subsidiary of EMC; its SecurID system allows admins to configure, assign, and manage token-based authentication from a central site.
According to Coviello, RSA has found no signs that the hackers made off with any customer- or employee-specific data or any information about other RSA or EMC products.
The company is providing steps for customer to take to strengthen their SecurID implementations, according to Coviello; additionally, RSA and EMC are offering customers access to internal resources and to partners to help address the situation.
Further, the company is urging customers to follow steps outlined in a SecurCare Online Note. Notably, at the time of writing, RSA’s SecurCare Online website was “experiencing issues [that] may prevent your registration from processing correctly.”