Despite not being the oldest company in the field of cybersecurity, Imperva has established itself as one of the leaders in this market, offering solutions and advice to help other companies protect the security of their information; however, this does not make it immune to cyberattacks. Web application security experts reported a data breach in the company that has compromised a considerable amount of Imperva customers’ data.
Established in California, USA, Imperva is a
cybersecurity software and services company that provides enterprise data
protection and web application security for multiple companies.
To be more specific, the data breach affects
users of Cloud WAF, the company’s cloud application firewall solution. This is
a product specialized in the mitigation of denial
of service (DoS) attacks and also has other security protection features
of web application security.
The incident was detected about a week ago
after the company received some reports on data exposure from some customers of
this security tool, web application security experts mentioned.
In a statement, company CEO Chris Hylen
mentioned that the data exposed due to this incident include email addresses of
all users of the tool who started using it from September 2017, API keys, SSL
certificates, among other data.
“After detecting the incident, the
implementation of our security breach response protocol began, and an internal
investigation will be conducted and we will exhaust all available resources to
retrieve the compromised information”, mentions the statement.
“International data protection regulators have already been
informed,” Hylen adds.
The company’s web application security experts
still do not determine what methods threat actors used to access and leak this
information, as it is unclear whether any vulnerabilities in their web servers
were exploited or if Imperva staff committed some oversight, miss configuring the
security of some database on the Internet.
The company continues to investigate the data breach,
and they also ensure that customers potentially affected by the incident are
being notified. Other security measures will be announced shortly. “We
deeply regret the inconvenience this incident has caused; we will continue to
share updates in the coming days in line with the progress of our research. We
are confident that this bad experience will help us improve our security
practices and prevent similar incidents in the future,” the statement
concludes.
As the company’s research concludes, web application
security specialists from the International Institute of Cyber Security (IICS)
recommend that users of the Cloud WAF tool reset their passwords to access their
Imperva accounts, in addition to implementing other security layers, such as the
use of multi-factor authentication. Generating and uploading new SSL
certificates and resetting their API keys are also highly recommended measures.
