Cybersecurity company Imperva recently announced publicly that it was involved in a data breach. The breach directly affected its cloud web application firewall (WAF).
According to the public announcement on its website, Imperva learned about the incident on August 20, 2019. A third-party provider reportedly approached the company regarding the vulnerability. Affected accounts include customers who used the services until September 15, 2017.
The compromised data include customers' email addresses and hashed and salted passwords. For a small subset of customers, API keys and customer-provided SSL certificates were also compromised.
Implications of the Breach and Possible Effects on Customers
In an interview with KrebsOnSecurity, Rich Mogull said hackers could weaken the security system of a company. In particular, Mogull states that hackers who possess API keys and SSL certificates may destabilize the security system in place. Mogull is the founder and vice president of DisruptOps, a cloud security firm located in Kansas City.
With this information in their possession, attackers may whitelist themselves in the cloud web application firewall. As a result, attackers can undermine security as well as intercept traffic, which could give them access to customer information, reports KrebsOnSecurity.
Following the announcement of the data breach, the company's internal data security team conducted an investigation. The cybersecurity business also reported the incident to authorities, including global regulatory agencies, and hired third-party forensic experts to further its investigation of the event.
Moreover, Imperva placed enhanced security protection on its services, such as forced password rotations. Cloud WAF products will also have 90-day expirations implemented to prevent the business from encountering similar circumstances again.
In line with these actions, the company also informed affected customers of the breach. Company advisors also directed customers towards certain actions that will secure their accounts and personal information.
To safeguard sensitive information, users are advised to change their account passwords for the cloud web application firewall. In addition, Imperva recommends other security measures such as enabling two-factor authentication and implementing single sign-on. Customers are also advised to reset their API keys and generate new SSL certificates.
Imperva promises to update affected customers and the public on any new findings. However, the firm remained mum when ZDNet reached out for further comment and information. According to the report, the Imperva spokesperson merely cited the ongoing investigation as the reason it could not provide additional information.