In August, cybersecurity firm Imperva disclosed a data breach that exposed sensitive information for some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula.
Incapsula, is a CDN service designed to protect customers’ website from all threats and mitigate DDoS attacks.
Imperva CEO Chris Hylen revealed that the company learned about the incident on August 20, 2019, when it was informed about the data exposure impacting Cloud Web Application Firewall (WAF) product.
“We want to be very clear that this data exposure is limited to our Cloud WAF product.” reads the Hylen’s announcement. “Here is what we know about the situation today:
Laked data included email addresses and hashed and salted passwords for all Cloud WAF customers who registered before 15th September 2017.
Hylen added that for a subset of the Incapsula customers, through September 15, 2017, were exposed API keys and customer-provided SSL certificates.
In a blog post published by Imperva, the company confirmed that it was informed of the incident by someone who had requested a bug bounty. The firm explained that the
The analysis of the data confirmed that attackers stole data in October.
“Our investigation identified an unauthorized use of an administrative API key in one of our production AWS accounts in October 2018, which led to an exposure of a database snapshot containing emails and hashed & salted passwords.” reads the post published by Imperva.
“We compared the SQL dump in the provided dataset to our snapshots and found a match. As of this post, we can say that the elements of customer data defined
The company announced to have adopted additional security measures to protect its customers, including the creation of new instances behind its VPN by default, the implementation of monitoring and patching programs, decommission unused and non-critical compute instances.
Imperva explained that the incident was related to the process migration of its infrastructure to AWS cloud technologies that begun back in 2017.
At the time, the development team created a database snapshot for testing and to evaluate the migration to AWS. An internal compute
In response to the incident, Imperva changed 13,000 passwords, more than 13,500 SSL certificates have been rotated and regenerated roughly 1,400 API keys. The good news is that the company is not aware of malicious account activity associated with the hack.
While the company is still investigating the incident it recommends the following security measures to its customers: