In August, Imperva, a security vendor that provides network security software and services admitted that the company’s cloud firewall product, Cloud Web Application Firewall (Cloud WAF), led to the compromise of customer data. In the results of the survey released recently, Imperva said that the data breach occurred because the AWS API key had been stolen.
According to reliable source, this accident has affected customers who have a Cloud WAF account before September 15, 2017. The customer’s email account and password, and some of the customer’s API key, and the provided SSL certificate are leaked. To this end, Imperva have to require customers to chnage more than 13,000 passwords, replace more than 13,500 SSL certificates, and regenerate more than 1,400 API keys.
Imperva said that the company began to adopt cloud technology and gradually migrated to AWS’s Relational Database Service (RDS) in 2017. At that time they built a database snapshot for testing, and there was an internal operation instance that could be accessed externally, which contained an AWS API key. Unfortunately, a hacker has invaded the instance and stolen the API key, and further used it to access the database snapshot.
Imperva learned of the incident after a third party obtained the data set and requested a leak reward in August. The investigation revealed that the Cloud WAF and other products did not contain security vulnerabilities. The data leak occurred because the AWS API key has been stolen.
In addition to notifying customers of changes to passwords, certificates and keys, Imperva has also beefed up security measures, including bringing all new instances into the VPN network, deploying appropriate monitoring and patching mechanisms, and weeding out unused and less important computing instances.
Published by Emerson L. Sullivan & last updated on October 15, 2019 9:11 am