In late August, Imperva suffered a security incident, resulting in the compromise of sensitive information of some of their Cloud WAF (formerly Incapsula) customers.
On Thursday, Imperva CTO Kunal Anand finally explained how it all happened.
What happened?
The first indication that something went wrong was when, on August 20, 2019, the company received a data set from an unnamed third-party requesting a bug bounty.
The notification triggered an investigation and they discovery that, in October 2018, an administrative API key in one of their production AWS accounts had been misused and a snapshot of a database containing customer information was exposed.
The dataset was from a snapshot as of September 15, 2017, meaning that if contained data of customers who set up Cloud WAF accounts prior and up to that date. This data ..
Support the originator by clicking the read the rest link below.
