Imperva data breach: WAF clients' passwords and emails affected

Incapsula firewall users registered up until September 15, 2017 are affected

Security vendor suffers a data breach. Customers of Imperva, a company offering data and application security solutions, were affected by a breach that exposed their information online.

IT security company Imperva disclosed details of a security incident that took place on August 20, 2019.[1] The data exposure impacted customers of the Cloud Web Application Firewall, formerly known as Incapsula. According to the statement, data of customers who had accounts through September 15, 2017, was breached. However, the breach did not affect any other products that the company sells:

We want to be very clear that this data exposure is limited to our Cloud WAF product.

An unidentified third-party accessed the customer database that included email addresses, as well as salted and hashed passwords. In some cases, API keys and customer-provided SSL certificates were also exposed.

Impacted clients were notified by the company, and users are encouraged to change the passwords for their Cloud WAF accounts.[2] Forensic experts have been employed to investigate, so more details may come to light later on; for now, Imperva could not present many details about the incident.

Cybersecurity companies that protect their clients can also suffer from security incidents

Imperva is a California-based cybersecurity company that is also a leading Internet firewall service provider. The firm helps websites block cyberattacks from hackers and avoid data breaches, which have been extremely common occurrences in the past decade. The company sells technology and services designed to detect and block malicious web traffic, denial-of-service attacks,[3] and software applications.

Unfortunately, companies that use the Incapsula WAF rely on it to control all of their website traffic, which passes through the service. This way, the communications are scrubbed for any questionable activity and then forwarded to the intended destination. Since the company is among the top three web-based firewall providers in the cybersecurity business, this is a massive incident that may affect the future success of this company.[4]

Imperva apologized and promised to inform customers of the findings after the investigation is complete

The unfortunate event shows that no company is immune to cyberattacks and data exposure incidents. Imperfect coding, misconfigured settings, and insecure parts of the network can be the reason for a data breach and hacking campaigns.[5]

The type of information that gets exposed in such incidents can be used in other campaigns and scams or be sold on underground hacking forums. Such later attacks can often be the primary goal, especially when companies, not everyday people, are the victims of these data breaches.

Imperva has taken precautionary measures and prompted users to follow security steps as a matter of good practice. The company activated the needed security protocols, informed all agencies, and engaged outside forensic experts.

We activated our internal data security response team and protocol, and continue to investigate with the full capacity of our resources how this exposure occurred.

Also, all impacted customers should already be informed about the issue, and since the customer data got exposed, users of the affected Cloud WAF should:

  • change their account passwords;
  • implement single sign-on;
  • enable two-factor authentication;
  • reset API keys;
  • generate new SSL certificates.
About the author
Lucia Danes - Virus researcher

Lucia is a News Editor for 2spyware. She has a long experience working in malware and technology fields.
