SPOT Report – Imperva Security Breach

By Drake Brignac, 

Overview

The purpose of this Deepwatch SPOT Report is to provide awareness in relation to an Imperva Security breach. Imperva disclosed an incident that impacted a subset of their customer base for the company’s Incapsula Web Application Firewall (WAF) product.

Details

On August 27, 2019 Imperva Security announced a security incident that resulted in a data exposure impacting their Cloud WAF product, formerly known as Incapsula. On August 20, 2019, Imperva security learned from a third party of a data exposure that impacted their Cloud WAF product line. Imperva stated users who had accounts through September 15, 2017 were impacted by this data exposure. Imperva released a list of data set elements that were exposed related to incapsula customers that included:

• email addresses
• hashed and salted passwords
• API keys
• customer-provided SSL certificates

Information on how the breach happened has yet to be disclosed by Imperva.

Recommendations

Please reference the Imperva’s website to see the most recent updates and Imperva based recommendations.

• Change user account passwords for Cloud WAF (https://my.incapsula.com)
• Implement Single Sign-On (SSO)
• Enable two-factor authentication
• Generate and upload new SSL certificate
• Reset API keys

Contributors

Drake Brignac, Threat Hunter

Supporting Information

• Imperva Incident Update: https://www.imperva.com/blog/ceoblog/
• Krebs On Security: https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/