Imperva disclosed a security incident that impacts customers of its cloud web application firewall (WAF), formerly known as Incapsula.
The company learned from a third party of a data exposure that impacts a subset of customers of their Cloud WAF product.
Exposed data included customer email addresses, along with hashed and salted passwords, for a subset of customers. For a small number of users, API keys and customer-provided SSL certificates were also exposed.
Imperva said the security incident only affected customers of its cloud WAF, and not other products.
Source: https://www.zdnet.com/article/imperva-discloses-security-incident-impacting-cloud-firewall-users/
TPRM report: https://scoringcyber.rankiteo.com/company/imperva
"id": "imp11810423",
"linkid": "imperva",
"type": "Data Leak",
"date": "08/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 'Subset of customers',
'industry': 'Cybersecurity',
'name': 'Imperva',
'type': 'Company'}],
'data_breach': {'data_encryption': 'Hashed and salted passwords',
'personally_identifiable_information': ['email addresses'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['email addresses',
'hashed and salted passwords',
'API keys',
'customer-provided SSL '
'certificates']},
'description': 'Imperva disclosed a security incident that impacts customers '
'of its cloud web application firewall (WAF), formerly known '
'as Incapsula. The company learned from a third party of a '
'data exposure that impacts a subset of customers of their '
'Cloud WAF product. Exposed data included customer email '
'addresses, along with hashed and salted passwords, for a '
'subset of customers. For a small number of users, API keys '
'and customer-provided SSL certificates were also exposed. '
'Imperva said the security incident only affected customers of '
'its cloud WAF, and not other products.',
'impact': {'data_compromised': ['email addresses',
'hashed and salted passwords',
'API keys',
'customer-provided SSL certificates'],
'systems_affected': ['Cloud WAF']},
'title': 'Imperva Cloud WAF Data Exposure Incident',
'type': 'Data Exposure'}