Data Breach at Imperva Exposes Customer Information
Imperva, a prominent player in the cybersecurity landscape, has confirmed a data breach affecting sensitive information of certain customers. The breach affects users of the company’s Cloud Web Application Firewall (WAF), previously known as Incapsula. This security-focused content delivery network (CDN) is well-regarded for its capabilities in mitigating DDoS attacks and safeguarding web applications from various threats.
In an official announcement, CEO Chris Hylen detailed that the company became aware of the breach on August 20, 2019, after being informed about unauthorized data exposure. This incident concerns customers who maintained accounts prior to September 15, 2017. The compromised data includes email addresses, hashed and salted passwords, API keys, and SSL certificates provided by some users.
Imperva has activated its internal data security response team to investigate the circumstances surrounding the breach. The company has pledged full cooperation with regulatory authorities and has enlisted third-party forensic experts to ascertain how the incident occurred. However, it has not disclosed whether the leak arose from a server compromise or from a misconfiguration that left data unsecured online.
As investigations continue, Imperva has assured affected customers that it is proactively enhancing its security protocols. The company also emphasizes its commitment to transparency, promising to share findings and best practices derived from this incident with the broader cybersecurity community.
Business owners utilizing the Cloud WAF are strongly advised to take immediate action, including changing account passwords, enabling two-factor authentication (2FA), and generating new SSL certificates and API keys. These measures are essential in mitigating potential risks following this breach.
From a technical perspective, this incident can be described in terms of the MITRE ATT&CK framework. Initial Access is the ATT&CK tactic that covers the ways attackers gain entry into a network. A misconfiguration, meaning settings that unintentionally expose data, is a weakness rather than an ATT&CK technique in its own right. Either may have been involved in this scenario. The ongoing investigation aims to clarify the methods employed and reinforce defensive strategies.
As the cybersecurity landscape evolves, it is imperative for organizations to remain vigilant and prepared for potential breaches. Imperva’s recent challenges serve as a critical reminder of the importance of robust data security practices in protecting sensitive information.