On August 20, 2019, internet firewall services provider Imperva discovered that a security incidentexposed sensitive information for some users of its cloud-based Incapsula WAF (Web Application Firewall) product. The breach impacts customers with accounts through September 15, 2017. The exposed information includes email addresses, hashed and salted passwords, and, in some cases, API keys and customer-provided SSL certificates. An attacker with API keys and SSL certificates could use their access to reduce the security of traffic to and from a customer’s website. Imperva is urging its customers to change their passwords, implement Single Sign-On (SSO), enable multi-factor authentication, generate and upload new SSL certificates, and reset API keys.