Imperva

Imperva

Imperva disclosed a security incident that impacts customers of its cloud web application firewall (WAF), formerly known as Incapsula.

The company learned from a third party of a data exposure that impacts a subset of customers of their Cloud WAF product.

Exposed data included customer email addresses, along with hashed and salted passwords, for a subset of customers. For a small number of users, API keys and customer-provided SSL certificates were also exposed.

Imperva said the security incident only affected customers of its cloud WAF, and not other products.

Source: https://www.zdnet.com/article/imperva-discloses-security-incident-impacting-cloud-firewall-users/

TPRM report: https://scoringcyber.rankiteo.com/company/imperva

"id": "imp11810423",
"linkid": "imperva",
"type": "Data Leak",
"date": "08/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 'Subset of customers',
                        'industry': 'Cybersecurity',
                        'name': 'Imperva',
                        'type': 'Company'}],
 'data_breach': {'data_encryption': 'Hashed and salted passwords',
                 'personally_identifiable_information': ['email addresses'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['email addresses',
                                              'hashed and salted passwords',
                                              'API keys',
                                              'customer-provided SSL '
                                              'certificates']},
 'description': 'Imperva disclosed a security incident that impacts customers '
                'of its cloud web application firewall (WAF), formerly known '
                'as Incapsula. The company learned from a third party of a '
                'data exposure that impacts a subset of customers of their '
                'Cloud WAF product. Exposed data included customer email '
                'addresses, along with hashed and salted passwords, for a '
                'subset of customers. For a small number of users, API keys '
                'and customer-provided SSL certificates were also exposed. '
                'Imperva said the security incident only affected customers of '
                'its cloud WAF, and not other products.',
 'impact': {'data_compromised': ['email addresses',
                                 'hashed and salted passwords',
                                 'API keys',
                                 'customer-provided SSL certificates'],
            'systems_affected': ['Cloud WAF']},
 'title': 'Imperva Cloud WAF Data Exposure Incident',
 'type': 'Data Exposure'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.