Imperva today released details about an October 2018 intrusion into a database containing records on customers of its cloud Web application firewall (WAF), formerly known as Incapsula. According to a blog post from CEO Chris Hylen, a database snapshot created for testing met an internal compute instance with outside access. When the compute instance's Amazon Web Services API key was compromised, a malicious actor was able to copy the database.
Within the blog post, CTO Kunal Anand noted that emails and hashed and salted passwords for a subset of WAF customers were exposed. The incident was discovered by a third party and then verified by Imperva, which announced the attack Aug. 27, 2019.
A number of new protection steps have since been taken, Hylen said, including decommissioning inactive compute instances, rotating credentials, strengthening credential management processes, and putting all internal compute instances behind a VPN by default.
The blog post also offers recommendations to Imperva customers, including changing cloud WAF passwords, enabling two-factor authentication, and resetting API keys.
Read more here.