BreachExchange mailing list archives
RSA security breach leaves data for 40M employees vulnerable
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Fri, 18 Mar 2011 16:16:00 -0400
http://venturebeat.com/2011/03/18/rsa-security-breach/ The servers of RSA, the security division of information storage giant EMC, have been breached and sensitive information from more than 40 million employees may have been compromised. The information at risk is the two-factor authentication tokens used by employees to access corporate and government networks. The RSA authentication security system uses these tokens to create a time sensitive number for an employee to enter along with his or her password. This additional security measure is important because it prevents attempts from hackers who may have uncovered an employee’s password. If the hackers were able to access information from a particular company, they might be able to generate the password for one of its tokens. Says RSA Executive Chairman Art Coviello, “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.” RSA’s system is currently used by approximately 25,000 organizations, including banks and the US military. RSA contacted customers asking them to follow a number of cautionary practices. The company says it is examining the breach and is working with the authorities; there is no doubt more information will be announced shortly. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- RSA security breach leaves data for 40M employees vulnerable Jake Kouns (Mar 18)