The leading cybersecurity software company Imperva has revealed a security incident that impacted its Cloud Web Application Firewall (WAF) product, formerly called Incapsula. Because of the incident, the data of customers got exposed.
Imperva learnt about the data exposure from a third party on Aug 20, 2019. The data of the customers who are using Incapsula for the last two years was exposed.
The exposed data included email addresses, hashed and salted passwords. Along with this, the API keys and customer-provided SSL certificates of some of the customers were also impacted.
Imperva provides data security and app security solutions to enterprises, which includes WAF, DDoS Protection, Data Protection, API Security and more. The recent security incident is only impacting the Cloud WAF solution.
In a blog post, Imperva CEO Chris Hylen mentioned that the company has activated an internal data security response team to find how the exposure occurred. The cybersecurity firm is also working with global regulatory agencies and forensic experts.
For the product in question, Imperva has applied forced password rotations and 90-day expirations.
To protect against the Imperva security incident, customers need to follow a number of security measures, such as changing user account passwords, implement Single Sign-on (SSO), enable two-factor authentication, upload new SSL certificate, and reset API keys.
“We profoundly regret that this incident occurred and will continue to share updates going forward,” wrote Chris Hylen.
“In addition, we will share learnings and new best practices that may come from our investigation and enhanced security measures with the broader industry. Imperva will not let up on our efforts to provide the very best tools and services to keep our customers and their customers safe.”
This article has been aggregated from dailyhostnews.com and they maybe/are the copyright owners of the same. If you are the Author/Copyright owner of this article and want us to remove the same then send an email to email@example.com so that we can delete it immediately. We sincerely regret and apologies for any inconvenience caused to you due to the same. Though it is your decision but please take note that the link to your website and the article have been given above, within and on the bottom of the article.