Imperva CEO Chris Hylen revealed that the company learned about the incident on August 20, 2019, when it was informed about the data exposure impacting Cloud Web Application Firewall (WAF) product.
“We want to be very clear that this data exposure is limited
Laked data included email addresses and hashed and salted passwords for all Cloud WAF customers who registered before 15th September 2017.
The company informed global regulatory agencies and launched an investigation of the security breach with the help of outside forensic experts.
“We activated our internal data security response team and protocol, and continue to investigate with the full capacity of our resources how this exposure occurred,” continues the CEO. “We have informed the appropriate global regulatory agencies. We have engaged outside forensic experts.”
Imperva did not share details
“We profoundly regret that this incident occurred and will continue to share updates going forward. In addition, we will share learnings and new best practices that may come from our investigation and enhanced security measures with the broader industry,” the company concludes.
The company urges Cloud WAF users to change their passwords, implement Single Sign-On (SSO), enable
(SecurityAffairs – Imperva, data breach)