
Imperva data Breach: WAF customers’ data exposed


Security firm Imperva revealed it has suffered a data breach affecting some customers of its Cloud Web Application Firewall (WAF) product.

Cybersecurity firm Imperva disclosed a data breach that has exposed sensitive information for some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula.

Incapsula is a CDN service designed to protect customers’ websites from all threats and mitigate DDoS attacks on essential infrastructure.

Imperva CEO Chris Hylen revealed that the company learned about the incident on August 20, 2019, when it was informed about the data exposure impacting its Cloud Web Application Firewall (WAF) product.

“We want to be very clear that this data exposure is limited to our Cloud WAF product,” reads Hylen’s announcement. “Here is what we know about the situation today:

  • On August 20, 2019, we learned from a third party of a data exposure that impacts a subset of customers of our Cloud WAF product who had accounts through September 15, 2017.
  • Elements of our Incapsula customer database through September 15, 2017 were exposed. These included:
    • email addresses
    • hashed and salted passwords

Leaked data included email addresses and hashed and salted passwords for all Cloud WAF customers who registered before 15th September 2017.

Hylen added that, for a subset of the Incapsula customers through September 15, 2017, API keys and customer-provided SSL certificates were also exposed.

The company informed global regulatory agencies and launched an investigation of the security breach with the help of outside forensic experts.

“We activated our internal data security response team and protocol, and continue to investigate with the full capacity of our resources how this exposure occurred,” continues the CEO. “We have informed the appropriate global regulatory agencies. We have engaged outside forensic experts.”

Imperva did not share details of the incident; it is still unclear whether it was hacked or whether the data leak is the result of some misconfigured components in its infrastructure.

“We profoundly regret that this incident occurred and will continue to share updates going forward. In addition, we will share learnings and new best practices that may come from our investigation and enhanced security measures with the broader industry,” the company concludes.

The company urges Cloud WAF users to change their passwords, implement Single Sign-On (SSO), enable two-factor authentication (2FA), generate and upload a new SSL certificate, and reset their API keys.


Pierluigi Paganini

(SecurityAffairs – Imperva, data breach)
