A subset of customers for the company's Incapsula web application firewall had their email addresses, hashed/salted passwords, and more open to unauthorized access, Imperva announced.

Dark Reading Staff, Dark Reading

August 28, 2019

1 Min Read

Imperva has announced that the cloud web application firewall product formerly called Incapsula suffered a data exposure that allowed unauthorized access to customer data. The company said that a third party informed it on August 20 of the exposure, which affets customers who had Incapsula accounts through September 15, 2017.

According to the notice posted on the CEO's blog, a subset of Incapsula customers had email addresses, hashed and salted passwords, API keys, and customer-provided SSL certificates exposed. The blog post notes that the company is taking a variety of actions addressing the exposure, from engaging forensics experts and informing affected customers to forcing password rotations.

For more, read here.

Edgepromohorizontal.jpgCheck out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "'Culture Eats Policy for Breakfast': Rethinking Security Awareness Training."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights