Imperva Announces Data Breach that Exposes Cloud WAF Customers

• Imperva Cloud WAF users have had their API keys and SSL certificates stolen by hackers.
• The IT security firm has announced the incident and provided a guide on how to secure your account.
• The data breach affects an undisclosed, but possibly a very large number of websites.

Imperva, the California-based IT security expert, has announced that they have suffered a data breach which exposed the email addresses, hashed and salted passwords, API keys, and SSL certificates of some of its Incapsula users. Incapsula is Imperva’s cloud-based firewall solution (WAF), and the company makes it very clear in their announcement that the breach is limited to this product alone. The discovery of the security incident took place on August 20, 2019, and the company has already implemented several securing steps as the investigation is ongoing at the moment.

For example, they have implemented forced password rotations and 90-day expiration periods in the Cloud WAF solution. All of the impacted customers are receiving notification emails right now, while the regulatory agencies that deal with data protection have also been informed about the incident. According to Imperva, the subset of the customers who have been compromised are clients who created their Cloud WAF accounts after September 15, 2017. These customers are now urged to change their user account passwords, implement single sign-on, enable two-factor authentication, generate and upload a new SSL certificate, and reset their API keys. A guide on how to do all that is provided in the notification message to them.

The Cloud WAF product helps clients check their communications for suspicious activity or attack events, and then filters out the malicious traffic by routing only the “clean” traffic to the intended destination. This is a very important role for a tool in the industry, and one that has helped Imperva establish their position among the top cloud-based firewall providers in the world. With the incident that compromised the API keys and SSL certificates of the WAF users, the websites of these customers are now susceptible to traffic interception, traffic modification, and even traffic diversion.

The question now is, how many customers have been compromised, and how many websites are currently vulnerable to this type of attacks. For now, Imperva only mentioned a “subset” of users, so no definite numbers were provided. Unfortunately for Imperva, this incident is attributed solely to them, and it’s certainly going to have an impact on the trust they try to build and maintain with customers. Moreover, the particular occasion highlights the fact that experienced and competent cyber-security companies like Imperva can still mess up and expose sensitive client data, as they are continuously and vigorously targeted by hackers.

Do you have something to comment on the above? Let us know of your opinion in the comments down below, and don’t forget to check out our socials, on Facebook and Twitter.