The Department of Internal Affairs is asking users of the government's Common Web Platform to update their passwords after a vendor's firewall was breached.
Users of Imperva's Cloud Web Application Firewall, formerly known as Incapsula, were alerted about the breach in late August.
The service is used locally by SilverStripe, the operator of the Common Web Platform that hosts many government websites.
"Imperva has advised that this breach has not impacted these websites or user accounts, but that it’s still advisable to update passwords and take steps to secure your account if you have a login to the content management system (CMS) of any of these websites," a note posted on the governments digital website today said.
The breach exposed Imperva user emails and hashed and salted passwords as well as some customer API keys and SSL certificates.
DIA also reminded agencies that, two-factor authentication would be required across all Common Web Platform sites from 27 September.
In April, Imperva launched its first formal channel programs in A/NZ.