RSA — the security division of EMC Corporation — has recently warned its customers that their data could well be at risk, after the company suffered what they described as an ‘extremely sophisticated cyberattack.’ RSA said that they are currently working with the authorities and investigating the attack.
As Emma Woollacott over at tgdaily.com noted, RSA’s multifactor authentification security system — which is used by around 25,000 organizations inlcuding government agencies and the military — involves the usage of SecurID electronic tokens, which create a time-based number for people to use alongside their passwords.
The company’s executive chairman Art Coviello said that they are confident that the information that was taken would not allow a successful direct attack on any of its SecurID customers. However, Art said that the stolen data could potentially be used as part of a broader attack.
Coviello pointed out that the company do not believe that either employee or customer personally identifiable information was compromised as a result of the recent attack, which seems to be an Advanced Persistent Threat of the type that attacked Google back in 2009.
There appear to be fears that the stolen data could well inlcude source code that reveals vulnerabilities in the security system or the seed codes for clients, which would then enable the attacker to create the time-based code to allow them access to client systems.
Are you an RSA SecurID customer?