Security vendor Imperva has made a security breach public that affects customers using the Cloud Web Application Firewall (WAF) product. Cloud WAF analyzes requests coming into applications, and flags or blocks suspicious and malicious activity. Users emails and hashed and salted passwords were exposed, and some customers API keys and SSL certificates were also impacted. The latter are particularly concerning, given that they would allow an attacker to break companies encryption and access corporate applications directly. Imperva said in a website notice that they learned about the exposure via a third party on August 20.
Source: https://threatpost.com/imperva-firewall-breach-api-keys-ssl-certificates/147743/