The company, which was acquired by investment firm Thoma Bravo earlier this year for $2.1 billion, said on its website that it learned of the data exposure from a “third party.”
CEO Chris Hylen wrote: “We want to be very clear that this data exposure is limited to our Cloud WAF product… Elements of our Incapsula customer database through September 15, 2017 were exposed. These included: email addresses; hashed and salted passwords. And for a subset of the Incapsula customers through September 15, 2017: API keys and customer-provided SSL certificates.”