Imperva discloses security incident impacting cloud firewall users

This is possibly the worst thing to happen to a company that trades on trust. We will all be watching closely to see how/if they recover from this…:

Cyber-security and DDoS mitigation firm Imperva disclosed today a security incident that impacts customers of its cloud web application firewall (WAF), formerly known as Incapsula.

“On August 20, 2019, we learned from a third party of a data exposure that impacts a subset of customers of our Cloud WAF product who had accounts through September 15, 2017,” the company said in a message posted on its website.

Exposed data included customer email addresses, along with hashed and salted passwords, for a subset of customers the company had registered up until September 15, 2017. For a small number of users, API keys and customer-provided SSL certificates were also exposed.

[…]

Original article here