Imperva Breach Hits Cloud Customers

Security vendor Imperva has revealed an “incident” which exposed sensitive data belonging to some of its customers, including API keys and SSL certificates.

The California-headquartered firm, which provides application and data security to thousands of enterprise customers around the world, explained what had happened in a brief blog.

CEO Chris Hylen said that Imperva was notified about the incident around a week ago.

“On August 20 2019, we learned from a third party of a data exposure that impacts a subset of customers of our Cloud WAF product who had accounts through September 15, 2017,” he added.

“Elements of our Incapsula customer database through September 15, 2017 were exposed. These included: email addresses; hashed and salted passwords. And for a subset of the Incapsula customers through September 15, 2017: API keys; customer-provided SSL certificates.”

As one would expect from a security vendor, Imperva has notified the relevant regulatory authorities and customers and is working with a forensic expert to find out what happened. It has also implemented forced password rotations and 90-day expirations in the Cloud WAF product.

Hylen also recommended affected customers change their user account passwords for Cloud WAF, enable Single Sign On and two-factor authentication, reset API keys and generate/upload a new SSL certificate.

Chris Morales, head of security analytics at Vectra, described the loss of SSL certs and API access as concerning, because “secure web gateways, firewalls, intrusion detection and prevention systems, and data loss prevention (DLP) products all perform some form of SSL intercept and decryption to perform deep packet inspection (DPI).

“As a security vendor, I know our own industry must practice the same vigilance we preach,” he added. “Even then, we must assume a breach can occur and be prepared to respond before information is stolen that can impact our clients.”
