Did RSA do something wrong?
Thursday, October 20, 2011 at 04:37AM

RSA is a security company. They make those cute little tokens with the LCD window that displays a random-looking number every 60 seconds, ever changing. Your bank (or similar) uses RSA tokens to provide a second factor for your login. You need your username and password (something you know) and the token (something you have) in order to log in. This two-factor authentication is much more secure than passwords alone. Even if someone guesses your password, they can't log in without the token.
The most sacred information RSA holds is the database of cryptographic keys to every token they have ever made. The keys are the only way to know what magic number will appear on your token at any given time. That's the keys to the kingdom.
Well, RSA got hacked. Apparently a secretary opened a malicious PDF in an email and her PC got infected. Nothing new there; it happens every day. What happened next is that her PC had access to this super secure database, and the bad guys got the database.
What the bloody hell was the database doing on a network that can even spell Internet, let alone be connected to it? That is what RSA did wrong: very, very badly wrong.
There are other brands of tokens out there and they are not affected; only RSA-branded ones are.
So if you have an RSA token, it's time to get it replaced. The keys are out there. If a thief knows the serial number of your token, they can calculate the magic numbers at any time. Serious.
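To make concrete why the key database is "the keys to the kingdom" and why a leaked key lets anyone work out the token's numbers, here is an added example (not RSA's code; the SecurID algorithm itself is proprietary) using the standard RFC 6238 TOTP construction with a 60-second step as a stand-in. The secret is the RFC 4226 test key and the timestamps are chosen to hit its published test vectors; the `verify` function is the server side a bank would run.

```python
"""Time-based one-time password (TOTP) as a stand-in for the token algorithm
described in the post. Added illustration, not RSA's code: SecurID is
proprietary, so the public RFC 6238 construction (HMAC-SHA1, 60-second step)
is used. It shows the post's point: the digits on the display are a pure
function of the per-token secret and the clock. Whoever holds the secret
database can compute the same digits the token shows, nothing else required."""
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # the post says the number changes every 60 seconds
DIGITS = 6

def totp(secret: bytes, unix_time: int) -> str:
    """Return the 6-digit code the token shows for `secret` at `unix_time`."""
    counter = unix_time // STEP_SECONDS
    msg = struct.pack(">Q", counter)                     # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10**DIGITS:0{DIGITS}d}"

def verify(secret: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check: accept the code for the current step or +/- `window`
    steps to tolerate clock drift. Constant-time comparison so the check does
    not leak how many digits matched."""
    for drift in range(-window, window + 1):
        expected = totp(secret, unix_time + drift * STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):
            return True
    return False

# Constructed sample: the RFC 4226 test key, standing in for one token's entry
# in the seed database, and a fixed time so the output is reproducible.
SAMPLE_SECRET = b"12345678901234567890"
SAMPLE_TIME = 119          # counter 1 at a 60-second step -> "287082"

if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, SAMPLE_TIME)
    print("token would display:", code)
    # Anyone holding SAMPLE_SECRET gets the same digits; the token adds nothing.
    print("verify(same code now):     ", verify(SAMPLE_SECRET, code, SAMPLE_TIME))
    print("verify(same code 2 steps on):", verify(SAMPLE_SECRET, code, SAMPLE_TIME + 2 * STEP_SECONDS))
```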