{"id":28722,"date":"2019-08-27T16:43:00","date_gmt":"2019-08-27T16:43:00","guid":{"rendered":"http:\/\/438bec65-67b3-45bc-a8cf-ca79ec4ad5be"},"modified":"2019-08-27T16:43:00","modified_gmt":"2019-08-27T16:43:00","slug":"imperva-discloses-security-incident-impacting-cloud-firewall-users","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/imperva-discloses-security-incident-impacting-cloud-firewall-users\/","title":{"rendered":"Imperva discloses security incident impacting cloud firewall users"},"content":{"rendered":"

\"Imperva\"<\/span>Image” Imperva<\/span> <\/p>\n

Cyber-security and DDoS mitigation firm Imperva disclosed today a security incident that impacts customers of its cloud web application firewall (WAF), formerly known as Incapsula.<\/p>\n

“On August 20, 2019, we learned from a third party of a data exposure that impacts a subset of customers of our Cloud WAF product who had accounts through September 15, 2017,” the company said in a message posted on its website<\/a>.<\/p>\n

Exposed data included customer email addresses, along with hashed and salted passwords, for a subset of customers the company had registered up until September 15, 2017. For a small number of users, API keys and customer-provided SSL certificates were also exposed.<\/p>\n

Imperva said the security incident only affected customers of its cloud WAF, and not other products.<\/p>\n

As a result of the breach, the company said it began notifying impacted customers and started forcing users to change passwords for their cloud WAF accounts.<\/p>\n

Imperva also apologized to customers, said it also engaged forensics experts to help with the investigation, and “informed the appropriate global regulatory agencies.”<\/p>\n

When reached out for additional comment via email and telephone, an Imperva spokesperson cited the ongoing investigation and said they can’t provide any other details. The questions that ZDNet sent Imperva, and which most customers would like to have answered, are below:<\/p>\n