This one is as close to stealing a cop car from a police station. Cybersecurity firm, Imperva, which has often been on the forefront in the information security space, is the latest victim of a massive data breach. This not only takes a dig at the company’s clientele but even ruins the reputation of the company.
The incident was reported by Kerbs on Security. According to the reports, Imperva recently notified its customers that a data breach in Incapsula, the firm’s cloud Web Application Firewall (WAF) product.
“On August 20, 2019, we learned from a third-party of a data exposure that impacts a subset of customers of our Cloud WAF product who had accounts through September 15, 2017,” wrote Heli Erickson, director of analyst relations at Imperva. “We want to be very clear that this data exposure is limited to our Cloud WAF product.”
“While the situation remains under investigation, what we know today is that elements of our Incapsula customer database from 2017, including email addresses and hashed and salted passwords, and, for a subset of the Incapsula customers from 2017, API keys and customer-provided SSL certificates, were exposed,” he added.
Imperva has been among the three most popular Web-based firewall providers. The attack and the possession of customer’s API keys and SSL certificates pose a much greater risk.
Imperva had recently signed an agreement to acquire Distil Networks, a Bot Management startup, to help thwart bot attacks. The California-headquartered firm developed and sold information security software for databases and web applications, on-premises, in the cloud, and across hybrid environments.
It also signed an agreement to acquire network management startup Prevoty for $140 million to provide security solutions for application services residing on-premises and in the cloud. The agreement allowed both companies to expand their customers’ security capabilities and their visibility into how applications are accessed, and how applications and users interact with data. It gave deeper insights to customers to understand the security risks and the ability to protect their business from cybercriminals.