[BreachExchange] Imperva Firewall Breach Exposes Customer API Keys, SSL Certificates

Destry Winant destry at riskbasedsecurity.com
Wed Aug 28 02:13:40 EDT 2019


The issue impacts users of the vendor’s Cloud WAF product.

Imperva, the security vendor, has disclosed a security breach that
affects customers using the Cloud Web Application Firewall (WAF)

Formerly known as Incapsula, the Cloud WAF analyzes requests coming
into applications, and flags or blocks suspicious and malicious

Users’ emails and hashed and salted passwords were exposed, and some
customers’ API keys and SSL certificates were also impacted. The
latter are particularly concerning, given that they would allow an
attacker to break companies’ encryption and access corporate
applications directly.

Imperva has implemented password resets and 90-day password expiration
for the product in the wake of the incident.

Imperva said in a website notice that they learned about the exposure
via a third party on August 20. However, the affected customer
database contained old Incapsula records that go up to Sept. 15, 2017

“We profoundly regret that this incident occurred and will continue to
share updates going forward,” Imperva noted. “In addition, we will
share learnings and new best practices that may come from our
investigation and enhanced security measures with the broader
industry. We continue to investigate this incident around the clock
and have stood up a global, cross-functional team.”

Imperva also said that it “informed the appropriate global regulatory
agencies” and is in the process of notifying affected customers

When asked for more details (such as whether this is a misconfiguration
issue or a hack, where the database resided and how many customers are
affected), Imperva told Threatpost that it is not able to provide more
information for now.
