Credential theft
Imperva RDS Database Snapshot Publicly Exposed (Cloud WAF Customer Data)
Primary Source
Incident Details
Imperva, a cybersecurity company providing cloud-based web application firewall (WAF) and DDoS protection services, disclosed on 27 August 2019 that a data exposure affected customers of its Cloud WAF (formerly Incapsula) product. The exposed data set was an Amazon RDS snapshot of the Cloud WAF customer database, created during a 2017 database migration. An unknown third party discovered and accessed the snapshot, which included customer email addresses, salted password hashes, API keys, and TLS/SSL certificates. Password hashes can be invalidated by forcing a reset, but exposed API keys and certificates remain usable until they are rotated, which is why the notification asked affected customers to rotate both. A cybersecurity vendor being breached through a basic cloud misconfiguration attracted significant industry attention. Imperva’s post-mortem, published on 10 October 2019, attributed the access to an AWS API key stolen from an internal compute instance that had been left reachable from the internet; the key was then used to reach the snapshot. The exposure went undetected for nearly two years. The incident is cited as a case study in cloud security and in the value of continuous auditing of cloud configuration, covering both snapshot sharing permissions and the network exposure of internal instances that hold credentials.
Technical Details
- Initial Attack Vector
- During a 2017 database migration, Imperva created an Amazon RDS snapshot of the Cloud WAF customer database containing customer email addresses, salted password hashes, API keys, and TLS/SSL certificates. Per Imperva’s post-mortem, an internal compute instance left accessible from the internet held an AWS API key; an attacker compromised the instance, stole the key, and used it to access the snapshot.
- Vendor / Product
- Amazon RDS (Relational Database Service)
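The audit step that would have caught an over-shared snapshot is a check of each manual RDS snapshot's restore attribute: a value of `all` means any AWS account can copy or restore it. The following is an added example written for this page, not Imperva's tooling or AWS-provided code. The offline part runs against constructed sample API responses shaped like boto3's `describe_db_snapshot_attributes` output; `audit_region` is the live variant and assumes boto3 is installed with credentials that permit `rds:DescribeDBSnapshots`, `rds:DescribeDBSnapshotAttributes` and, for remediation, `rds:ModifyDBSnapshotAttribute`. Snapshot identifiers and the account ID in the sample are made up.

```python
"""Find (and optionally revoke) public restore permission on manual RDS snapshots.

Added example for this incident entry; not Imperva's code. A snapshot is public
when its 'restore' attribute lists the value 'all'.
"""
from typing import Dict, Iterable, List


def is_public_snapshot(attributes_result: Dict) -> bool:
    """True if the DBSnapshotAttributesResult grants restore to every AWS account."""
    for attr in attributes_result.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore" and "all" in attr.get("AttributeValues", []):
            return True
    return False


def shared_accounts(attributes_result: Dict) -> List[str]:
    """Account IDs the snapshot is explicitly shared with, excluding the 'all' marker.
    Cross-account shares are a weaker but still notable finding."""
    accounts: List[str] = []
    for attr in attributes_result.get("DBSnapshotAttributes", []):
        if attr.get("AttributeName") == "restore":
            accounts.extend(v for v in attr.get("AttributeValues", []) if v != "all")
    return accounts


def find_public_snapshots(results: Iterable[Dict]) -> List[str]:
    """Identifiers of every snapshot whose restore permission is public."""
    return [r["DBSnapshotIdentifier"] for r in results if is_public_snapshot(r)]


def audit_region(region_name: str, remediate: bool = False) -> List[str]:
    """Live check (assumes boto3 and AWS credentials). Walks all manual snapshots
    in the region, returns the public ones, and revokes 'all' if remediate=True."""
    import boto3  # imported here so the offline functions run without boto3

    rds = boto3.client("rds", region_name=region_name)
    results: List[Dict] = []
    for page in rds.get_paginator("describe_db_snapshots").paginate(SnapshotType="manual"):
        for snap in page["DBSnapshots"]:
            resp = rds.describe_db_snapshot_attributes(
                DBSnapshotIdentifier=snap["DBSnapshotIdentifier"]
            )
            results.append(resp["DBSnapshotAttributesResult"])
    public = find_public_snapshots(results)
    if remediate:
        for ident in public:
            rds.modify_db_snapshot_attribute(
                DBSnapshotIdentifier=ident, AttributeName="restore", ValuesToRemove=["all"]
            )
    return public


# Constructed sample responses (hypothetical identifiers and account ID, not real data),
# mirroring the DBSnapshotAttributesResult shape returned by boto3.
SAMPLE_RESULTS = [
    {
        "DBSnapshotIdentifier": "customers-migration-copy",
        "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["all"]}],
    },
    {
        "DBSnapshotIdentifier": "customers-shared-with-staging",
        "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["123456789012"]}],
    },
    {
        "DBSnapshotIdentifier": "customers-private",
        "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": []}],
    },
]

if __name__ == "__main__":
    for ident in find_public_snapshots(SAMPLE_RESULTS):
        print(f"PUBLIC snapshot: {ident}")
    for r in SAMPLE_RESULTS:
        if shared_accounts(r):
            print(f"shared cross-account: {r['DBSnapshotIdentifier']} -> {shared_accounts(r)}")
```

Two caveats for use in practice: run the audit in every region, because snapshot sharing is per region and a migration often leaves copies behind; and note that RDS does not allow a KMS-encrypted snapshot to be made public, so encrypting the source database with a customer-managed key removes this failure mode entirely, although a stolen API key with restore rights on that key would still reach the data, which is the path Imperva's post-mortem described.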
Timeline
- 2017-10-01 Database snapshot created during migration (later accessed by an unknown third party)
- 2019-08-27 Publicly disclosed and affected customers notified
- 2019-10-10 Post-mortem published by Imperva