Banner Default Image

Imperva blames data breach on stolen AWS API key

over 4 years ago by Lucy Cinder

Imperva blames data breach on stolen AWS API key

Cyber Security

Cyber-security firm Imperva have published a detailed post-mortem report of a security breach the company disclosed two months ago, in August.

The company blamed the security breach on an Amazon Web Services (AWS) API key a hacker stole from an internal system that was left accessible from the internet.

The post-mortem is a little bit convoluted, but we summarized the series of events that led to the Imperva breach in the list below:

  • Imperva said it experienced a period of business growth in 2017.
  • As a result, the company began adopting cloud technologies to scale its business and infrastructure.
  • Imperva decided to evaluate AWS' Relational Database Service (RDS) to scale its user database.
  • The company uploaded a snapshot of its customer database to a test AWS RDS instance.
  • But in an unrelated incident, the company left an internal system accessible from the internet.
  • This internal system stored a copy of the company's AWS API key.
  • A hacker found this server, described as a "compute instance," and stole the API key.
  • The hacker used the AWS API key to access Imperva's cloud infrastructure, where he found the AWS RDS service the company used for testing.

Imperva didn't provide exact dates for the events listed above, so we don't yet know for how much time the hacker had access Imperva's servers.

However, the company said that sometime in October 2018, the intruder began downloading a copy of the database snapshot they uploaded on the AWS RDS account.

Imperva CEO Chris Hylen said that they learned of the hack months later, on August 20, 2019, when a third-party contacted the company, provided a copy of the stolen data, and then requested a bug bounty.

The company didn't say if this third-party was a legitimate security researcher or the hacker trying to earn a reward from the company he previously hacked.

Banner Default Image

Latest Jobs