Imperva, a leading cybersecurity software company, has disclosed a security incident affecting its Cloud Web Application Firewall (WAF) product, formerly called Incapsula. The incident exposed customer data.
Imperva learnt about the data exposure from a third party on Aug 20, 2019. The exposed data belongs to customers who have been using Incapsula for the last two years.
The exposed data included email addresses and hashed and salted passwords. For some customers, API keys and customer-provided SSL certificates were also affected.
Imperva provides data security and app security solutions to enterprises, including WAF, DDoS Protection, Data Protection, API Security and more. The recent security incident affects only the Cloud WAF solution.
In a blog post, Imperva CEO Chris Hylen mentioned that the company has activated an internal data security response team to determine how the exposure occurred. The cybersecurity firm is also working with global regulatory agencies and forensic experts.
For the product in question, Imperva has applied forced password rotations and 90-day expirations.
To protect themselves following the Imperva security incident, customers need to take a number of security measures, such as changing user account passwords, implementing Single Sign-On (SSO), enabling two-factor authentication, uploading a new SSL certificate, and resetting API keys.
“We profoundly regret that this incident occurred and will continue to share updates going forward,” wrote Chris Hylen.
“In addition, we will share learnings and new best practices that may come from our investigation and enhanced security measures with the broader industry. Imperva will not let up on our efforts to provide the very best tools and services to keep our customers and their customers safe.”