Imperva Details Response to Customer Database Exposure

  /     /     /  
Publicated : 23/11/2024   Category : security

Imperva Details Response to Customer Database Exposure


The cloud securitys CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.


Imperva today released details about an October 2018 intrusion into a database containing records on customers of its cloud Web application firewall (WAF), formerly known as Incapsula. According to a blog post from CEO Chris Hylen, a database snapshot created for testing met an internal compute instance with outside access. When the compute instances Amazon Web Services API key was compromised, a malicious actor was able to copy the database.
Within the blog post, CTO Kunal Anand noted that emails and hashed and salted passwords for a subset of WAF customers were exposed. The incident was discovered by a third party and then verified by Imperva, which announced the attack Aug. 27, 2019.
A number of new protection steps have since been taken, Hylen said, including decommissioning inactive compute instances, rotating credentials, strengthening credential management processes, and putting all internal compute instances behind a VPN by default.
The blog post also offers recommendations to Imperva customers, including changing cloud WAF passwords, enabling two-factor authentication, and resetting API keys.
Read more 
here
.
This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for 
more information
 and, to register, 
here
.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Imperva Details Response to Customer Database Exposure