Mar 172011

RSA just announced that they were cracked. It is unclear what exactly has been put at risk.

Our investigation also revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is specifically related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.

So, it looks like RSA’s SecurID is immediately at risk. Who knows what else the crackers got. This crack is more significant the crack against HBGary that happened several months ago. This shows how difficult information security is when even the experts are having trouble keeping their doors locked.