API keys and SSL certs at risk after security incident

Security vendor Imperva has admitted a serious breach affecting customers of its Cloud WAF (web application firewall) product, formerly known as Incapsula.

API keys, customer email addresses, hashed and salted passwords, as well as SSL certificates, have all been exposed by the breach, which Imperva said affected a “subset” of its customers who had accounts dating back to September 2017.

The exposure of customer SSL certificates is of particular note since it could potentially break end-to-end encryption.

Imperva learned of the data breach last week, following a tip-off from an unnamed third party on August 20.

Since confirming the breach, the company has brought in forensic experts and information, as part of an ongoing incident response operation.

The security vendor has “implemented forced password rotations and 90-day expirations in our Cloud WAF product”, in addition to contacting customers directly to inform them about the steps they ought to be taking to safeguard their account and data.

Customers who had accounts with Imperva through September 15, 2017, ought to change user account passwords, enable two-factor authentication, generate and upload a new SSL certificate, and reset API keys, as explained in a blog post by Imperva chief executive Chris Hylen.

“We profoundly regret that this incident occurred and will continue to share updates going forward,” Hylen said.

“In addition, we will share learnings and new best practices that may come from our investigation and enhanced security measures with the broader industry.”
