Imperva Disclosed Security Breach That Affected Cloud WAF Customers

You would expect cybersecurity and IT firms to serve customers with adequate online security measures. However, these firms themselves remain vulnerable to various security threats too. Recently, the cybersecurity firm Imperva disclosed a security breach that affected customers of its Cloud WAF.

Imperva Revealed Security Breach

In a recent security notice, the popular cybersecurity firm Imperva revealed a security breach. The incident impacted customers of its Cloud WAF product, previously known as ‘Incapsula’.

As disclosed, the company recently learned of the breach from a third party. They discovered the incident on August 20, 2019, when they found that data of some of the customers had been exposed. The company found that the incident impacted a database through September 15, 2019. The leaked or exposed information from the database includes email addresses and hashed and salted passwords.

For a subset of customers, exposed details also included customer-provided SSL certificates and API keys. The company gave assurances that the impact of the incident remained confined to the Cloud WAF product only.

Security Measures Taken

Upon noticing the breach, Imperva began working towards implementing appropriate security measures. These steps include engaging forensic experts and global regulatory agencies, activating its internal data security response team, and implementing forced password rotations in Cloud WAF.

In addition, they have informed the customers affected by the incident about the breach. They also advise customers to take the necessary steps to stay protected.

Some of the security best practices Imperva advised for all users include resetting Cloud WAF user passwords, enabling two-factor authentication, enabling Single Sign-On (SSO), uploading new SSL certificates and resetting API keys.

Recently, the web hosting company Hostinger also confessed to a breach. The incident allegedly affected 14 million customers, exposing the victims’ personal information and hashed passwords.

Let us know your thoughts in the comments.
