Last Updated on 22/11/2021 by Nidhi Khandelwal
HPE has revealed that data repositories for its Aruba Central network monitoring technology have been hacked, allowing a threat actor to gain access to collected data on monitored devices and their whereabouts.
Aruba Central is a cloud networking platform that lets administrators manage massive networks and components from a single interface.
A threat actor gained a “access key” that allowed them to examine customer data stored in the Aruba Central environment, HPE announced today. Between October 9th, 2021, and October 27th, 2021, when HPE cancelled the key, the threat actor had access for 18 days.
“The data repositories also held records of the date, time, and the actual Wi-Fi access point to which a device was connected, which could be used to pinpoint a user’s general location. There were no sensitive or special categories of personal data (as defined by GDPR) in the environment “according to the FAQ.
Because the word ‘buckets’ appeared several times in HPE’s FAQ, a threat actor most likely gained the access key for a storage bucket used by the platform.
After conducting an investigation into the incident, HPE determined that no more than 30 days of data was stored in the environment at any given time, as data in the Aruba Central environment’s network analytics and contact tracing functionalities were automatically erased every 30 days.
Personal data was present in the environment, but not sensitive personal data. MAC addresses, IP addresses, device operating system type and hostname, and some usernames are among the personal data. Users’ Access Point (AP) names, vicinity, and time spent connected to that AP were also included in the contact tracing data.