Imperva Disclosed Security Breach Affecting Cloud WAF Customers

Whilst you would expect cybersecurity and IT firms to serve customers with adequate online security measures. However, these firms themselves remain vulnerable to various security threats too. Recently, the cybersecurity firm Imperva has disclosed a security breach that affected customers of its Cloud WAF.

Imperva Revealed Security Breach

In a recent security notice, the popular cybersecurity firm Imperva has revealed a security breach. The incident impacted customers of its Cloud WAF product previously known as ‘Incapsula’.

As disclosed, the company learned of the breach recently from a third-party. They discovered the incident on August 20, 2019, where they found the exposure of data of some of the customers. The company found that the incident impacted a database through September 15, 2019. The leaked or exposed information from the database includes email addresses, hashed and salted passwords.

For a subset of customers, exposed details also included customer-provided SSL certificates and API keys. The company assured that the impact of the incident remained confined to the Cloud WAF product only.

Security Measures Taken

Upon noticing the breach, Imperva began working towards implementing appropriate security measures. These steps include engaging forensic experts and global regulatory agencies, activating internal data security response team, and implementing forced password rotations in Cloud WAF.

In addition, they have also informed customers affected during the incident regarding the breach. They also advise customers to take necessary steps to stay protected.

Some of the security best practices Imperva advised to all users include resetting Cloud WAF user passwords, enabling two-factor authentication, enabling Single Sign-On (SSO), uploading new SSL certificates and resetting API keys.

Recently, a web hosting company Hostinger has also confessed of a breach. The incident allegedly affected 14 million customers, exposing the victims’ personal information and hashed passwords.

Let us know your thoughts in the comments.

The following two tabs change content below.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Related