CyberNews Briefs

Imperva blames data breach on stolen AWS API key

Last month, cybersecurity firm Imperva announced that the data of a “subset of customers” of Imperva’s Cloud Web Application Firewall was exposed in a “security incident” in September 2017. This week, the company published an analysis of the breach, which shows that the incident was made possible by the company accidentally leaving an internal system exposed to the web in 2017.

A hacker who found the exposed system was able to obtain an Amazon Web Services (AWS) API key from it, and subsequently used this key to access Imperva’s cloud environment, where they found a database snapshot from September 15, 2017 that had been used for testing. The attacker downloaded the snapshot in October of 2018, but the firm did not find out about this until an unknown third party disclosed the incident in August of 2019. The third party wanted a bug bounty for the disclosure. After Imperva informed its customers of the breach, around 13,000 user passwords were changed and over 13,500 SSL certificates were rotated.

Read more: Imperva blames data breach on stolen AWS API key

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.