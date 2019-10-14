


Stolen Cloud API Key to Blame for Imperva Breach

A security breach which led to the compromise of customer data at Imperva was caused by a stolen API key for one of its Amazon Web Services (AWS) accounts, the firm has revealed.

The firm was notified of the incident, which affected a subset of its Cloud WAF customers, by a third party at the end of August.

Chief technology officer, Kunal Anand, explained in a blog post that the firm decided back in 2017 to migrate to the AWS Relational Database Service (RDS) in order to provide greater scale for its user database.

As part of this process the firm created a database snapshot for testing on September 15, 2017.

Separately, Imperva’s IT team created an internal compute instance containing an AWS administrative API key. Unfortunately, this server was left exposed and subsequently found by a hacker, who stole the all-important key and used it to access the database snapshot, exfiltrating the information in October 2018.

The stolen data included email addresses, hashed and salted passwords, API keys, and TLS keys — although Anand claimed to have found no evidence so far that it is being abused for malicious ends.

Imperva has since tightened its internal security, by ensuring new instances are created behind a VPN, unused and non-critical instances are decommissioned, and by putting monitoring and patching programs in place.

Other corrective actions taken include an increase in the frequency of infrastructure scanning, tighter access controls, and an increase in auditing of snapshot access.

At Imperva’s request, more than 13,000 customer passwords were changed and over 13,500 SSL certificates rotated following the breach, highlighting the scale of the incident. In addition, over 1400 API keys were regenerated, according to Anand.
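
The "auditing of snapshot access" mentioned among the corrective actions can be sketched as a check over CloudTrail-style records. This is an added example, not Imperva's code or anything from the original article: the VPN range, trusted account ID, sample records and the `valuesToAdd` request-parameter key are constructed assumptions.

```python
import ipaddress

# Real RDS API action names that copy, share or restore a snapshot.
SNAPSHOT_ACTIONS = {"CopyDBSnapshot", "RestoreDBInstanceFromDBSnapshot",
                    "ModifyDBSnapshotAttribute"}
# Assumptions for this example: VPN egress range and accounts allowed to receive shares.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
TRUSTED_ACCOUNTS = {"111111111111"}

def audit_snapshot_events(events):
    """Return (eventTime, eventName, reasons) for snapshot events that need review."""
    findings = []
    for ev in events:
        name = ev.get("eventName")
        if ev.get("eventSource") != "rds.amazonaws.com" or name not in SNAPSHOT_ACTIONS:
            continue
        reasons = []
        try:
            ip = ipaddress.ip_address(ev.get("sourceIPAddress", ""))
            if not any(ip in net for net in TRUSTED_NETS):
                reasons.append("source outside VPN range")
        except ValueError:
            pass  # calls made by AWS services carry a service name, not an IP
        key_id = (ev.get("userIdentity") or {}).get("accessKeyId", "")
        if key_id.startswith("AKIA"):  # AKIA = long-term key, ASIA = temporary credentials
            reasons.append("long-term access key")
        if name == "ModifyDBSnapshotAttribute":
            added = set((ev.get("requestParameters") or {}).get("valuesToAdd") or [])
            outside = sorted(added - TRUSTED_ACCOUNTS)
            if outside:
                reasons.append("shared with " + ",".join(outside))
        if reasons:
            findings.append((ev.get("eventTime"), name, reasons))
    return findings

# Constructed sample records in CloudTrail's shape (not taken from the incident).
SAMPLE_EVENTS = [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "rds.amazonaws.com", "eventName": "CopyDBSnapshot",
     "sourceIPAddress": "10.20.4.7", "userIdentity": {"accessKeyId": "ASIAEXAMPLEKEY000001"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "rds.amazonaws.com", "eventName": "RestoreDBInstanceFromDBSnapshot",
     "sourceIPAddress": "203.0.113.50", "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY000002"}},
    {"eventTime": "2024-01-01T10:10:00Z", "eventSource": "rds.amazonaws.com", "eventName": "ModifyDBSnapshotAttribute",
     "sourceIPAddress": "10.20.4.7", "userIdentity": {"accessKeyId": "ASIAEXAMPLEKEY000003"},
     "requestParameters": {"attributeName": "restore", "valuesToAdd": ["999999999999"]}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances", "sourceIPAddress": "203.0.113.50"},
]

if __name__ == "__main__":
    print(*audit_snapshot_events(SAMPLE_EVENTS), sep="\n")
```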
