Connect with us

Hi, what are you looking for?


Cloud Security

Imperva Notifies Cloud WAF Customers of Security Incident

California-based cybersecurity firm Imperva revealed on Tuesday that it recently learned of a security incident affecting some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula.

California-based cybersecurity firm Imperva revealed on Tuesday that it recently learned of a security incident affecting some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula.

According to Imperva CEO Chris Hylen, the company learned of the incident on August 20, 2019, from a third party. An investigation is ongoing, but Imperva has so far determined that Cloud WAF customers who had accounts through September 15, 2017, are affected.

The exposed Incapsula customer database stored email addresses, hashed and salted passwords, and, in some cases, API keys and customers’ SSL certificates.

It’s unclear how many customers are affected and if the data was exposed as a result of a malicious attack or due to some kind of misconfiguration.

Imperva has highlighted that the incident only impacts its Cloud WAF product and affected customers are being informed directly.

In response to the incident, the company has hired outside forensics experts to assist with the investigation, informed global regulator agencies, and implemented forced password rotations and 90-day expirations for the Cloud WAF product.

“We profoundly regret that this incident occurred and will continue to share updates going forward. In addition, we will share learnings and new best practices that may come from our investigation and enhanced security measures with the broader industry,” Hylen said.

Advertisement. Scroll to continue reading.

Imperva acquired cloud-based website performance and security service Incapsula in 2014. Incapsula was a majority owned subsidiary even before the acquisition.

“Losing SSL certificates and API access to an enterprise network is concerning. Secure web gateways, firewalls, intrusion detection and prevention systems, and data loss prevention (DLP) products all perform some form of SSL intercept and decryption to perform DPI,” Chris Morales, Head of Security Analytics at Vectra, told SecurityWeek

“While we often point to lack of maturity of security operations or misconfiguration of cloud systems as to why a company would miss an attack, it is even more unfortunate when a security vendor who builds a cloud security product is compromised that should have the skills and capabilities to detect and respond to cyberattacks.

“As a security vendor, I know our own industry must practice the same vigilance we preach. Even then, we must assume a breach can occur and be prepared to respond before information is stolen that can impact our clients,” he added.

Related: Russian Hackers Claim Breach of Three U.S. Anti-Virus Companies

Related: Researchers Claim They Bypassed Cylance’s AI-Based Antivirus

Related: Attack on Software Firm Was Sophisticated, Highly Targeted

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.