
Imperva Notifies Cloud WAF Customers of Security Incident

California-based cybersecurity firm Imperva revealed on Tuesday that it recently learned of a security incident affecting some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula.

According to Imperva CEO Chris Hylen, the company learned of the incident on August 20, 2019, from a third party. An investigation is ongoing, but Imperva has so far determined that Cloud WAF customers who had accounts through September 15, 2017, are affected.

The exposed Incapsula customer database stored email addresses, hashed and salted passwords, and, in some cases, API keys and customers’ SSL certificates.

It’s unclear how many customers are affected and if the data was exposed as a result of a malicious attack or due to some kind of misconfiguration.

Imperva has highlighted that the incident only impacts its Cloud WAF product and affected customers are being informed directly.

In response to the incident, the company has hired outside forensics experts to assist with the investigation, informed global regulatory agencies, and implemented forced password rotations and 90-day expirations for the Cloud WAF product.

“We profoundly regret that this incident occurred and will continue to share updates going forward. In addition, we will share learnings and new best practices that may come from our investigation and enhanced security measures with the broader industry,” Hylen said.

Imperva acquired cloud-based website performance and security service Incapsula in 2014. Incapsula was a majority-owned subsidiary even before the acquisition.

“Losing SSL certificates and API access to an enterprise network is concerning. Secure web gateways, firewalls, intrusion detection and prevention systems, and data loss prevention (DLP) products all perform some form of SSL intercept and decryption to perform DPI,” Chris Morales, Head of Security Analytics at Vectra, told SecurityWeek.

“While we often point to lack of maturity of security operations or misconfiguration of cloud systems as to why a company would miss an attack, it is even more unfortunate when a security vendor who builds a cloud security product is compromised that should have the skills and capabilities to detect and respond to cyberattacks.

“As a security vendor, I know our own industry must practice the same vigilance we preach. Even then, we must assume a breach can occur and be prepared to respond before information is stolen that can impact our clients,” he added.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
