The cybersecurity firm Imperva has released a detailed update on the security breach it disclosed in August.
The data breach at Imperva exposed the email addresses, API keys, scrambled passwords and SSL certificate of some firewall users.
In the update, the company stated that, following a thorough investigation with its internal security teams and external forensics specialists, it had traced the breach to the unauthorised use of an administrative API key in one of its production AWS accounts in October 2018.
Kunal Anand, Imperva's Chief Technology Officer, explained in the update that in 2017 the company migrated to the AWS Relational Database Service (RDS) and, as part of that process, created a database snapshot for testing.
Imperva's IT team also created an internal compute instance that contained an AWS API key. That key was compromised and stolen, and it was then used to access the snapshot.
Imperva has since taken steps to improve its security protocols, including increasing auditing of snapshot access, applying tighter access controls and decommissioning inactive compute instances.
Other steps include rotating credentials, strengthening the company's credential management processes, and putting all internal compute instances behind a VPN by default.
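As an added, defender-side illustration of the "increasing audit of snapshot access" measure (example code written for this page, not Imperva's own tooling), the following Python scans CloudTrail records for RDS snapshot API calls and flags those made with a long-lived IAM user access key, from an address outside trusted ranges, or that share a snapshot publicly. The records and the trusted CIDR list are constructed assumptions.

```python
import ipaddress

# Constructed CloudTrail records for illustration (not real Imperva log data).
SAMPLE_EVENTS = [
    {"eventTime": "2018-10-03T02:14:09Z", "eventSource": "rds.amazonaws.com",
     "eventName": "DescribeDBSnapshots", "sourceIPAddress": "10.20.30.40",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/app-role/i-0abc"}},
    {"eventTime": "2018-10-03T02:15:41Z", "eventSource": "rds.amazonaws.com",
     "eventName": "CopyDBSnapshot", "sourceIPAddress": "203.0.113.77",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLE0000000001",
                      "arn": "arn:aws:iam::111122223333:user/admin-api"}},
    {"eventTime": "2018-10-03T02:16:02Z", "eventSource": "rds.amazonaws.com",
     "eventName": "ModifyDBSnapshotAttribute", "sourceIPAddress": "203.0.113.77",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLE0000000001",
                      "arn": "arn:aws:iam::111122223333:user/admin-api"},
     "requestParameters": {"attributeName": "restore", "valuesToAdd": ["all"]}},
    {"eventTime": "2018-10-03T02:20:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "10.20.30.40",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/app-role/i-0abc"}},
]

# RDS API actions that read, copy, share, restore or delete a DB snapshot.
SNAPSHOT_ACTIONS = {"DescribeDBSnapshots", "CopyDBSnapshot", "ModifyDBSnapshotAttribute",
                    "RestoreDBInstanceFromDBSnapshot", "CreateDBSnapshot", "DeleteDBSnapshot"}


def audit_snapshot_access(events, trusted_cidrs):
    """Return one finding per RDS snapshot API call, listing why it looks suspicious."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]  # assumed trusted ranges
    findings = []
    for ev in events:
        if ev.get("eventSource") != "rds.amazonaws.com" or ev.get("eventName") not in SNAPSHOT_ACTIONS:
            continue
        ident = ev.get("userIdentity", {})
        reasons = []
        # Long-lived IAM user keys start with AKIA; temporary STS session keys start with ASIA.
        if ident.get("type") == "IAMUser" and ident.get("accessKeyId", "").startswith("AKIA"):
            reasons.append("long-lived access key")
        try:
            ip = ipaddress.ip_address(ev.get("sourceIPAddress", ""))
            if not any(ip in net for net in trusted):
                reasons.append("source IP outside trusted ranges")
        except ValueError:  # calls made by AWS services carry a hostname, not an IP
            pass
        params = ev.get("requestParameters") or {}
        if ev["eventName"] == "ModifyDBSnapshotAttribute" and "all" in params.get("valuesToAdd", []):
            reasons.append("snapshot made public")
        findings.append({"time": ev["eventTime"], "action": ev["eventName"],
                         "principal": ident.get("arn", "?"), "reasons": reasons})
    return findings
```

In practice the records would come from the CloudTrail S3 bucket or CloudWatch Logs, and a finding with any reason listed would feed the alerting pipeline.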
Anand stated that no malicious behaviour targeting customers had been identified; however, customers are advised to remain vigilant.
Anand said: “I’d like to share a direct message from all of us here at Imperva for our customers and partners: we regret that this incident occurred and have been working around the clock to learn from it and improve how we build and run Imperva.
“Security is never “done” and we must continue to evaluate and improve our processes every single day. Our vision remains the same: to lead the world’s fight on behalf of our customers and their customers to keep data and applications safe from cybercriminals.
“Now, more than ever, we commit to our vision, where data and applications are kept safe.”
The post #Privacy: Imperva blames AWS stolen API key for data breach appeared first on PrivSec Report.