Cybersecurity vendor that protects firms from data breaches hit by data breach


You know it’s a bad day for cybersecurity when a leading provider of internet firewall services that helps safeguard websites from malicious attacks suffers from a security breach of its own.

Imperva, a popular California-based security vendor of data and application security solutions, disclosed that information belonging to an unspecified subset of users of its cloud firewall product was exposed online.

The breach, to which it was alerted via an unnamed third party on August 20, included email addresses, hashed and salted passwords, API keys, and SSL certificates of a fraction of its customers registered through September 15, 2017.

Imperva’s Cloud Web Application Firewall (WAF) — formerly called Incapsula — scans incoming web traffic for malicious activity such as SQL injection and denial-of-service attacks, and blocks it from reaching its intended destination.

Earlier this January, it was acquired by private equity firm Thoma Bravo for $2.1 billion, adding to the latter’s cybersecurity portfolio comprising DigiCert, Imprivata, Barracuda Networks, LogRhythm, McAfee, and Veracode.

While Imperva continues to engage forensics experts, it hasn’t disclosed how or when the leak happened, citing an ongoing investigation. It’s not immediately clear whether any of the exposed data has been accessed by other third parties — outside of the party that found the breach, that is.

In the wake of the incident, the firm has implemented forced password resets and a 90-day password expiration policy for the product.

Assuming threat actors are in possession of the private keys belonging to the exposed SSL certificates, they could intercept web traffic destined for a client website, and possibly even divert the traffic to a site owned by the attacker.

So, it’s crucial that Cloud WAF customers change their account passwords, implement single sign-on, enable two-factor authentication, generate and upload a new SSL certificate, and reset their API keys.
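One thing a customer can verify after rotating a certificate is that the certificate actually being served was issued after the rotation date, rather than the one whose key may have been exposed. The following is an added example, not code from the article or from Imperva: it walks the DER structure of an X.509 certificate with the Python standard library only, pulls out the validity period, and compares the notBefore date with a cutoff. The cutoff date and the two sample certificates are constructed for the demonstration; the samples are unsigned skeletons with placeholder issuer, subject and key fields, built only so that the parser has realistic input to run on offline.

```python
"""Check whether an X.509 certificate (DER-encoded) was issued after a cutoff date.

Stdlib only: a minimal DER TLV walker is enough to reach the Validity field of
the TBSCertificate (RFC 5280, section 4.1), so no third-party parser is needed.
"""
from datetime import datetime, timezone

# Constructed assumption for the example: the date after which a rotated
# certificate must have been issued (not a date stated by Imperva).
ROTATION_CUTOFF = datetime(2019, 8, 20, tzinfo=timezone.utc)


def _read_tlv(buf, pos):
    """Parse one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length: next N bytes hold it
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def _children(buf, start, end):
    """Yield (tag, value_start, value_end) for each element of a constructed value."""
    pos = start
    while pos < end:
        tag, vs, ve = _read_tlv(buf, pos)
        yield tag, vs, ve
        pos = ve


def _parse_time(tag, raw):
    """Decode UTCTime (0x17, YYMMDDHHMMSSZ) or GeneralizedTime (0x18, YYYYMMDDHHMMSSZ)."""
    s = raw.decode("ascii")
    if tag == 0x17:                         # RFC 5280: YY >= 50 means 19YY, else 20YY
        yy = int(s[:2])
        s = f"{1900 + yy if yy >= 50 else 2000 + yy}{s[2:]}"
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def certificate_validity(der):
    """Return (not_before, not_after) as aware datetimes from a DER certificate."""
    _, cert_start, cert_end = _read_tlv(der, 0)            # Certificate SEQUENCE
    _, tbs_start, tbs_end = _read_tlv(der, cert_start)     # TBSCertificate SEQUENCE
    fields = list(_children(der, tbs_start, tbs_end))
    # Field order: [0] version (optional), serialNumber, signature, issuer, validity, ...
    validity_index = 4 if fields[0][0] == 0xA0 else 3
    _, v_start, v_end = fields[validity_index]
    times = [_parse_time(tag, der[vs:ve]) for tag, vs, ve in _children(der, v_start, v_end)]
    return times[0], times[1]


def issued_after(der, cutoff):
    """True if the certificate's notBefore is later than the cutoff date."""
    not_before, _ = certificate_validity(der)
    return not_before > cutoff


# --- constructed sample input (DER encoder for the skeleton, not a real CA) ---
def _der(tag, payload):
    n = len(payload)
    if n < 128:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload


def _utctime(dt):
    return _der(0x17, dt.strftime("%y%m%d%H%M%SZ").encode("ascii"))


def build_sample_cert(not_before, not_after):
    """Unsigned skeleton certificate with placeholder names and key; test input only."""
    tbs = _der(0x30,
               _der(0xA0, _der(0x02, b"\x02"))                        # version v3
               + _der(0x02, b"\x01")                                   # serialNumber
               + _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSA OID
               + _der(0x30, b"")                                       # issuer (placeholder)
               + _der(0x30, _utctime(not_before) + _utctime(not_after))  # validity
               + _der(0x30, b"")                                       # subject (placeholder)
               + _der(0x30, b""))                                      # SPKI (placeholder)
    return _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))


OLD_CERT = build_sample_cert(datetime(2017, 6, 1, tzinfo=timezone.utc),
                             datetime(2018, 6, 1, tzinfo=timezone.utc))
NEW_CERT = build_sample_cert(datetime(2019, 9, 1, tzinfo=timezone.utc),
                             datetime(2020, 9, 1, tzinfo=timezone.utc))

if __name__ == "__main__":
    for name, cert in (("old", OLD_CERT), ("new", NEW_CERT)):
        nb, na = certificate_validity(cert)
        print(f"{name}: notBefore={nb:%Y-%m-%d} notAfter={na:%Y-%m-%d} "
              f"issued after cutoff: {issued_after(cert, ROTATION_CUTOFF)}")
```

In practice the DER bytes would come from the certificate the site actually serves (for example, the peer certificate returned by an `ssl` socket connection), and the cutoff would be the date the replacement certificate was uploaded; the check is the same either way.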

While it’s common industry practice for organizations to wait until they have all the information before telling users, the key is helping them understand what’s happening so that they can protect themselves.
