Imperva Hacked – Email addresses, API keys & SSL certificates of WAF Customers Exposed

Imperva, one of the leading cyber-security firms, has disclosed a data breach that affects data belonging to customers of its Cloud Web Application Firewall (WAF).

According to the blog post published by Imperva CEO Chris Hylen, “elements of our Incapsula customer database through September 15, 2017, were exposed”.

The company learned of the data exposure on August 20, 2019. The exposure is limited to customers who had the Cloud WAF product through September 15, 2017.

What Data Was Exposed?

The company has not provided any details about how the breach happened and is currently investigating the incident.

Exposed data includes email addresses, hashed and salted passwords, API keys and customer-provided SSL certificates of customers who registered before September 15, 2017.

“We activated our internal data security response team and protocol, and continue to investigate with the full capacity of our resources how this exposure occurred.”

“We are informing all impacted customers directly and sharing the steps we are taking to safeguard their accounts and data, and additional actions they can take themselves.”

Recommended Security Measures

  • Change user account passwords for Cloud WAF
  • Implement Single Sign-On (SSO)
  • Enable two-factor authentication
  • Generate and upload new SSL certificate
  • Reset API keys


Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
