Imperva, one of the biggest firewall service providers in the industry, informed its customers on Tuesday that it suffered a data breach.
The cybersecurity firm said it learned on August 20 that a third party improperly accessed the email addresses, hashed passwords, API keys, and SSL certificates of a “subset of customers” who had accounts through September 15, 2017.
“We want to be very clear that this data exposure is limited to our Cloud WAF (Web Application Firewall) product,” wrote Heli Erickson, director of analyst relations at Imperva.
“While the situation remains under investigation, what we know today is that elements of our Incapsula customer database from 2017, including email addresses and hashed and salted passwords, and, for a subset of the Incapsula customers from 2017, API keys and customer-provided SSL certificates, were exposed.”
Potential data exposure
The breach could impact the security of customer data in several ways, according to Rich Mogull, founder and vice president of product at cloud security firm DisruptOps.
“Attackers could whitelist themselves and begin attacking the site without the WAF’s protection,” Mogull told KrebsOnSecurity. “They could modify any of the Incapsula security settings, and if they got [the target’s SSL] certificate, that can potentially expose traffic.”
Acknowledging the irony in a security breach affecting a security service provider, Mogull added that “this is the kind of mistake that’s up there with their worst nightmare.”
Imperva said it has forced a reset of all passwords that haven’t been used for 90 days and is in the process of contacting impacted customers. The firm has urged all of its customers to update their passwords as a precaution.
“We profoundly regret that this incident occurred and will continue to share updates going forward,” Imperva said in a statement. “In addition, we will share learnings and new best practices that may come from our investigation and enhanced security measures with the broader industry. Imperva will not let up on our efforts to provide the very best tools and services to keep our customers and their customers safe.”