Cyber-security firm Imperva published today a detailed post-mortem report of a security breach the company disclosed two months ago, in August.
The company blamed the security breach on an Amazon Web Services (AWS) API key a hacker stole from an internal system that was left accessible from the internet.
The post-mortem is a little bit convoluted, but we summarized the series of events that led to the Imperva breach in the list below:
Imperva didn't provide exact dates for the events listed above, so we don't yet know for how much time the hacker had access Imperva's servers.
However, the company said that sometime in October 2018, the intruder began downloading a copy of the database snapshot they uploaded on the AWS RDS account.
Imperva CEO Chris Hylen said that they learned of the hack months later, on August 20, 2019, when a third-party contacted the company, provided a copy of the stolen data, and then requested a bug bounty.
The company didn't say if this third-party was a legitimate security researcher or the hacker trying to earn a reward from the company he previously hacked.
In its August blog post, Imperva also didn't say how many users were impacted, but today, Hylen provided a rough estimate.
The Imperva CEO said that after the company notified impacted customers of the security breach, customers changed 13,000 passwords, rotated more than 13,500 SSL certificates, and regenerated more than 1,400 Imperva API keys.
Only customers who signed up with Imperva before September 15, 2017, were impacted -- as that was the date of the database snapshot the company uploaded to its AWS RDS test account.
Imperva said such a breach wouldn't be possible again today because they moved all internal compute instances behind a VPN by default in the meantime, in a security upgrade unrelated to the breach.
Nonetheless, the company now joins a long list of companies that had customer data stolen because of accidental exposures of internal systems on the internet.