Imperva data Breach: WAF customers’ data exposed

Pierluigi Paganini August 27, 2019

Security firm Imperva revealed it has suffered a data breach that affecting some customers of its Cloud Web Application Firewall (WAF) product.

Cybersecurity firm Imperva disclosed a data breach that has exposed sensitive information for some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula.

Incapsula, is a CDN service designed to protect customers’ website from all threats and mitigate DDoS attacks essential infrastructure.

Imperva CEO Chris Hylen revealed that the company learned about the incident on August 20, 2019, when it was informed about the data exposure impacting Cloud Web Application Firewall (WAF) product.

“We want to be very clear that this data exposure is limited to our Cloud WAF product.” reads the Hylen’s announcement. “Here is what we know about the situation today:

  • On August 20, 2019, we learned from a third party of a data exposure that impacts a subset of customers of our Cloud WAF product who had accounts through September 15, 2017.
  • Elements of our Incapsula customer database through September 15, 2017 were exposed. These included:
    • email addresses
    • hashed and salted passwords

Laked data included email addresses and hashed and salted passwords for all Cloud WAF customers who registered before 15th September 2017.

Hylen added that for a subset of the Incapsula customers, through September 15, 2017, were exposed API keys and customer-provided SSL certificates.

The company informed global regulatory agencies and launched an investigation of the security breach with the help of outside forensic experts.

“We activated our internal data security response team and protocol, and continue to investigate with the full capacity of our resources how this exposure occurred,” continues the CEO. “We have informed the appropriate global regulatory agencies. We have engaged outside forensic experts.”

Imperva did not share details o the incident, it is still unclear if it was hacked or if the data leak in the result of some misconfigured components in its infrastructure.

We profoundly regret that this incident occurred and will continue to share updates going forward. In addition, we will share learnings and new best practices that may come from our investigation and enhanced security measures with the broader industry,” the company concludes.

The company urges Cloud WAF users to change their passwords, implement Single Sign-On (SSO), enable two-factor authentication (2FA), generate and upload new SSL certificate, and reset their API keys.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Imperva, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment