[j_s]

https://news.ycombinator.com/item?id=12069784

>mdewinter(2016Jul): They [undisclosed HSM vendor] did, with undocumented commands, export the key from the device in an unencrypted format and loaded it into the other model so that we could continue our operation.

(The first comment I ever favorited on HN.)

[synicalx]

Wow thanks for the link, that's a bit concerning. Not an expert on HSMs, but this does seem like a fairly serious design flaw?