Type: Incident
Actors:
Pub. date: October 10, 2019
Initial access: Cloud native misconfig
Impact: Data exfiltration
References:
Status: Finalized
Last edited: Jun 2, 2024 11:54 AM

Imperva identified an unknown threat actor using an administrative AWS API key in one of its production AWS accounts. This led to the exposure of an RDS database snapshot from September 2017 containing email addresses of Imperva Cloud WAF customers, hashed and salted passwords, API keys, and TLS keys. The root cause was the presence of the AWS API key on a compute instance that was misconfigured to be publicly exposed. The threat actor compromised this instance in October 2018, retrieved the key, and used it to access the database snapshot.