Security vendor RSA has admitted that hackers breached its systems, extracting undisclosed product information on its widely-used SecurID two-factor authentication tokens.
Chief executive officer Art Coviello wrote to his blog that it had begun "an extensive investigation" and was working with authorities after the "extremely sophisticated cyber attack" was detected.
"While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," Coviello wrote.
"We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations."
Coviello said RSA was throwing staff and channel partner resources at customers "to ensure their security and trust".
He said that customer and employee data had not been compromised, nor had any other systems owned by RSA's parent EMC.
RSA said its SecurID tokens were the "gold standard in two-factor user authentication" and that they were the "choice of over 25,000 customers worldwide".