Image” Imperva
Imperva didn’t provide exact dates for the events listed above, so we don’t yet know for how much time the hacker had access Imperva’s servers.
However, the company said that sometime in October 2018, the intruder began downloading a copy of the database snapshot they uploaded on the AWS RDS account.
Imperva CEO Chris Hylen said that they learned of the hack months later, on August 20, 2019, when a third-party contacted the company, provided a copy of the stolen data, and then requested a bug bounty.
The company didn’t say if this third-party was a legitimate security researcher or the hacker trying to earn a reward from the company he previously hacked.
In its August blog post, Imperva also didn’t say how many users were impacted, but today, Hylen provided a rough estimate.
The Imperva CEO said that after the company notified impacted customers of the security breach, customers changed 13,000 passwords, rotated more than 13,500 SSL certificates, and regenerated more than 1,400 Imperva API keys.
Only customers who signed up with Imperva before September 15, 2017, were impacted — as that was the date of the database snapshot the company uploaded to its AWS RDS test account.
Imperva said such a breach wouldn’t be possible again today because they moved all internal compute instances behind a VPN by default in the meantime, in a security upgrade unrelated to the breach.
Nonetheless, the company now joins a long list of companies that had customer data stolen because of accidental exposures of internal systems on the internet.
Security
DNS-over-HTTPS causes more problems than it solves, experts say
FBI warns about attacks that bypass multi-factor authentication (MFA)
White-hat hacks Muhstik ransomware gang and releases decryption keys
Mark Zuckerberg thinks he’s so misunderstood (ZDNet YouTube)
Best home security of 2019: Professional monitoring and DIY (CNET)
Most Fortune 500 companies still opaque about security measures (TechRepublic)
Related Topics:
Cloud
Security TV
Data Management
CXO
Data Centers