Imperva Firewall Breach Exposes Customer API Keys, SSL Certificates
Imperva, the security vendor, has made a security breach public that affects customers using the Cloud Web Application Firewall (WAF) product.
Formerly known as Incapsula, the Cloud WAF analyzes requests coming into applications, and flags or blocks suspicious and malicious activity.
Users’ emails and hashed and salted passwords were exposed, and some customers’ API keys and SSL certificates were also impacted. The latter are particularly concerning, given that they would allow an attacker to break companies’ encryption and access corporate applications directly.
Imperva has implemented password resets and 90-day password expiration for the product in the wake of the incident.
Imperva said in a website notice that they learned about the exposure via a third party on August 20. However, the affected customer database contained old Incapsula records that go up to Sept. 15, 2017 only.
Imperva announce breach of their WAF product, dates back to 2017, includes SSL certificates (potentially breaking end to end encryption) https://www.imperva.com/blog/ceoblog/
“We profoundly regret that this incident occurred and will continue to share updates going forward,” Imperva noted. “In addition, we will share learnings and new best practices that may come from our investigation and enhanced security measures with the broader industry. We continue to investigate this incident around the clock and have stood up a global, cross-functional team.”
Imperva also said that it “informed the appropriate global regulatory agencies” and is in the process of notifying affected customers directly.