Hackers were able to steal an AWS administrative API key housed in a compute instance left exposed to the public internet. Imperva, the security vendor, said this week that a misconfiguration of an Amazon Web Services (AWS) cloud instance allowed hackers to exfiltrate information on customers using its Cloud Web Application Firewall (WAF) product. The company announced the breach in August, but at the time said it didn t know how the attackers were able. In a Thursday post, CTO Kunal Anand laid out what happened.
Source: https://threatpost.com/imperva-data-breach-cloud-misconfiguration/149127/