Imperva Firewall Breach Exposes Customer API Keys, SSL Certificates (Aug 27, 2019)
Cybersecurity firm Imperva has announced a security breach, impacting customers of Imperva’s Cloud Web Application Firewall (WAF) product previously known as ‘Incapsula’. The company learned of the incident from a third party, and has verified that the affected customer database contained old Incapsula records that go up to September 15, 2017 only. The exposed information from the database includes email addresses, hashed, and salted passwords, as well as some customer API keys and SSL certificates. Imperva has informed customers affected by the incident regarding the breach, and has implemented password resets and 90-day password expiration for the product in the wake of the incident.
Recommendation: It is crucial that your company has password policies in place to avoid repetition across accounts and those that be easily brute-force attacked. Education is the best defense. Using secure and unique passwords for all online accounts is imperative.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.