The data of a “subset of customers” of Imperva’s Cloud Web Application Firewall was exposed in a “security incident” in September 2017, the cybersecurity company has acknowledged. The compromised data included email addresses, encrypted passwords as well as some API keys and customer-provided SSL certificates.
While Imperva says it is disclosing the breach “to do the right thing for all of our constituents,” it failed to provide information about the source of the breach and whether it had any evidence the stolen data had been distributed on the dark web. Chris Morales of Vectra AI said the theft of API keys and SSL certificates is specially concerning for impacted companies.
Read more: Imperva ‘security incident’ exposes customer data
