News

Hacked Firm Blames Stolen API Key for Recent AWS Data Breach

• By David Ramel
• 10/11/2019

Another AWS data breach was in the news lately, but unlike a spate of others that were blamed on unsecured data stores, this one has been attributed to a stolen API key.

That claim comes from the victimized company, Imperva, in a post-mortem account of the incident published Oct. 10. The company in August announced the "security incident" that resulted in the leak of customer data such as email addresses, passwords, API keys and TLS keys. The customers affected used the company's Cloud Web Application Firewall (WAF) product,

To scale the user database, Imperva migrated to AWS Relational Database Service (RDS).

"Some key decisions made during the AWS evaluation process, taken together, allowed information to be exfiltrated from a database snapshot," the company said, listing the following:

• We created a database snapshot for testing
• An internal compute instance that we created was accessible from the outside world and it contained an AWS API key
• This compute instance was compromised and the AWS API key was stolen
• The AWS API key was used to access the snapshot

The company said it hasn't found any evidence malicious activity from the loss of customer data, which was from 2017.

Imperva also listed six corrective actions it was taking to improve security.

The incident was another dose of bad news for AWS, which had to deal with a years-long string of data breaches that were primarily attributed to customers not taking necessary precautions to protect their data stores, as opposed to any inherent flaws in the cloud platform. AWS has continually provided guidance to customers to follow best security practices to protect against such breaches.