By 
Cybersecurity company Imperva unveiled today a security breach has resulted in data exposure impacting a subgroup of customers using its Cloud Web Application Firewall (WAF) product, formerly called Incapsula.
Imperva’s Cloud WAF is a managed service intended to defend cloud services “against known and unknown threats, including all OWASP top 10 and zero-day threats.”
In a blog post published today, the company’s President and Chief Executive Officer Chris Hylen said that the data revelation event is restricted only to the Cloud WAF.
The security violation was divulged on August 20 this year, after a third party claimed that the data revelation impacting some Cloud Web Application Firewall customers with accounts in September 2017.
According to Hylen, elements of our Incapsula customer database through September 15, 2017 were also uncovered, including customer email addresses along with hashed and salted passwords.
Additionally, for some Incapsula customers, API keys and customer-provided SSL certificates were also unveiled to third party access.
“We continue to investigate this incident around the clock and have stood up a global, cross-functional team,” adds Hylen.
Imperva’s CEO did not reveal more information on what data was unveiled or lost as part of this security break or what third parties might have accessed the revealed information, if at all.
