Compromised RSA SecurID is to be Replaced

A few months ago, when I posted about security vendor RSA getting hacked, there was no information from them regarding their RSA SecurID. To refresh your memory, there were over 40 million RSA SecurID products distributed worldwide, and each and every one of them is compromised. On top of that, they even kept silent when questioned about the specific area of the RSA SecurID that got compromised. It is claimed that the seed code (secret key) of each RSA SecurID was stolen, and some even claim that the algorithm used to generate the random security number was stolen.

RSA SecurID to be Replaced Now

The Executive Chairman of the security vendor, Art Coviello, issued an open letter to all RSA SecurID customers saying that the company is ready to replace tens of millions of RSA SecurID devices. The pressure from customers on the security vendor over this issue has finally paid off. Personally, I had already expected this to happen, but my question is: will all the RSA SecurID devices be replaced, or only those devices that are going to be used for certain applications? It remains a doubt to me, but it has no impact on me as I am not an RSA SecurID customer. The number of devices issued is very large, and we are not sure how much loss they will suffer from this action. It is tough to build trust between a security device vendor and their customers, isn’t it?

The open letter also states clearly what they are going to do next for their customers. As part of their strategy to build trust with their RSA SecurID customers, those customers will receive:

  • An offer to replace RSA SecurID tokens for customers with concentrated user bases typically focused on protecting intellectual property and corporate networks.
  • An offer to implement risk-based authentication strategies for consumer-focused customers with a large, dispersed user base, typically focused on protecting web-based financial transactions.

It is also firmly said that the recent attacks on Sony, Epsilon, Google, PBS and Nintendo had nothing to do with the compromised RSA SecurID. The only attack admitted by them was the network intrusion on Lockheed Martin, which caused a major disruption to the network. It was because the employees of Lockheed use the RSA SecurID to log in to the network to access some sensitive data, and that compromised device had caused the disruption. As pressure began to grow, RSA had no other choice but to announce the replacement of their devices.

RSA SecurID – My Verdict

In my opinion, RSA made a great sacrifice to replace the compromised devices. If those RSA SecurID devices were not replaced, they were going to lose more business in the future anyway, and thus it is a lose-lose situation for them. The decision to replace the devices gives their customers the confidence to continue to invest in their future products. I strongly support the move by RSA this time around, and I am sure that, with the lesson they learned a few months back from the compromised RSA SecurID, they are going to grow stronger in their IT security protection knowledge.

About Alan Tay

This blog is owned and operated by myMediaInc. My Media operates content based online portals for IT professionals, technology managers and decision makers as well as business leaders. We publish original quality content focused in Software Development, IT Security, SaaS, Cloud Computing, Outsourcing, Project Management and Mobile and Wireless. Our mission is to explore how to help you optimize your resources in each of these areas.


  1. ken says:

    just got one from my new computer.. have yet to try it out..
    seems cool.. and yeah, it’s a good move to have the compromised devices replaced to ensure the confidence of their clients 🙂

    • admin says:

      New devices are not compromised. Only the devices from before the date of the compromise are affected. The device is cool anyway, and glad to know you care for your security 🙂
