RSA Hack: What Does It Mean?

Yesterday, RSA Security, a division of EMC Corporation, was attacked by hackers who stole sensitive information related to the SecurID two-factor authentication products. These "security tokens," whose pass codes change every 30 to 60 seconds, are used by more than 40 million individuals worldwide.

RSA's Chairman Art Coviello sent an open letter to RSA Customers, stating:

Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.

RSA customers should not panic (yet) but should follow RSA's recommendations on implementing stronger security, which can be found here.

The first recommendation on this list is interesting:

We recommend customers increase their focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.

While RSA has not revealed details of the attack, this recommendation is generating attention. Some people, analyzing what RSA is and isn't saying, are wondering what role social media played in this vulnerability. Ironically, the attack comes a little over a month after RSA held its annual Security Conference where such topics as "Social Engineering in a Social Media World: Risk, Liability, and Control" and "Blocking Social Media Is So 2010 - How to Embrace the Social Web Safely" were discussed.