The data breach that recently affected certain customers of Imperva’s Cloud Web Application Firewall (WAF) product was made possible by a series of missteps as the cybersecurity company migrated to a cloud-based database service, the firm’s chief technology officer disclosed yesterday in a blog post.
Collectively, these errors allowed an unauthorized party to steal an administrative API key for one of Imperva’s production Amazon Web Services accounts back in October 2018, CTO Kunal Anand said in his detailed explanation. This key gave the attacker access to a database snapshot containing a variety of information on customers who had signed up for accounts through Sept. 15, 2017, but not afterwards.
Such information included email addresses, hashed and salted passwords and, for a subset of customers, API keys and customer-provided SSL certificates.