As reported on Help Net Security and the Wall Street Journal, RSA has admitted that the breach it suffered in March has resulted in the compromise of their authentication tokens.
It is thought that the admission comes in the wake of cyber intrusions at Lockheed Martin, L3 Communications and Northrop Grumman, three major US military contractors, who use the RSA technology.
RSA’s chairman, Art Coviello, has made an offer to customers to replace all SecureID tokens in use, or provide security monitoring. Additionally, financial institutions have been offered transaction monitoring.
Additional details are sparse, and no information has been released about exactly what the attackers stole which allows them to misuse the tokens, but it is thought likely that the sequence algorithm that generates the numeric sequence used by the tokens may have been compromised.
Many security experts have been dissatisfied with the amount of information released about the compromise, which is thought to have directly impacted hackers ability to compromise the defence contractors systems, as the companies were not aware of the extent of the RSA breach and the implications for their networks.
We’ll update this story further when more information is known.