Cybersecurity Firm Suffers Security Breach, Client Info Exposed

Imperva Cybersecurity Company today reported a safety incident that has led to information exposure influencing a subset of clients using its earlier recognized product, Incapsula, Cloud web application firewall (WAF).

Imperva’s Cloud WFA is a managed service designed to protect cloud services against “known and unknown threats including all OW ASP top 10 threats and zero-days threats.”

The data exposure incident is only limited to the WAF cloud as President and CEO Chris Hylen stated in today’s blog post.

A safety violation was identified only by a subgroup of Cloud WAF (Incapsula) clients, following the report by a third party of information exposure influencing certain Cloud WAF clients by 15 September 2017.

Hylen has also revealed’ Customer Customer Elements Database by September 15, 2017,’ including e-mail addresses and hashed and salted passwords.

API keys and customer SSL certificates have also been subjected to third-party access for some Incapsula clients until September 15, 2017.

“We continue to investigate this incident around the clock and have stood up a global, cross-functional team,” adds Hylen.

Experts from forensics engaged in the inquiry

After finding the safety event affecting some of its clients in the Cloud WAF (Incapsula), Imperva has taken the following measures:

We activated our internal data security response team and protocol, and continue to investigate with the full capacity of our resources how this exposure occurred.

• We have informed the appropriate global regulatory agencies. 
• We have engaged outside forensics experts.
• We implemented forced password rotations and 90-day expirations in our Cloud WAF product. 
• We are informing all impacted customers directly and sharing the steps we are taking to safeguard their accounts and data, and additional actions they can take themselves.

Imperva also recommends the following measures to all of its customers “as a matter of good practice:”