HomeNewsAruba Central, a data repository, was found to be hacked

Aruba Central, a data repository, was found to be hacked

-

We independently research, test, review, and recommend the best products—learn more about our process. If you buy something through our links, we may earn a commission. learn more

Last Updated on 22/11/2021 by Nidhi Khandelwal

HPE has revealed that data repositories for its Aruba Central network monitoring technology have been hacked, allowing a threat actor to gain access to collected data on monitored devices and their whereabouts.

Aruba Central is a cloud networking platform that lets administrators manage massive networks and components from a single interface.

Aruba Central, a data repository, was found to be hacked 1

A threat actor gained a “access key” that allowed them to examine customer data stored in the Aruba Central environment, HPE announced today. Between October 9th, 2021, and October 27th, 2021, when HPE cancelled the key, the threat actor had access for 18 days.

“The data repositories also held records of the date, time, and the actual Wi-Fi access point to which a device was connected, which could be used to pinpoint a user’s general location. There were no sensitive or special categories of personal data (as defined by GDPR) in the environment “according to the FAQ.

Because the word ‘buckets’ appeared several times in HPE’s FAQ, a threat actor most likely gained the access key for a storage bucket used by the platform.

Aruba Central, a data repository, was found to be hacked 2

After conducting an investigation into the incident, HPE determined that no more than 30 days of data was stored in the environment at any given time, as data in the Aruba Central environment’s network analytics and contact tracing functionalities were automatically erased every 30 days.

Personal data was present in the environment, but not sensitive personal data. MAC addresses, IP addresses, device operating system type and hostname, and some usernames are among the personal data. Users’ Access Point (AP) names, vicinity, and time spent connected to that AP were also included in the contact tracing data.

Nidhi Khandelwal
Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.
- Advertisment -

Must Read

edge-ai

Challenges and Opportunities in Deploying AI Solutions in Edge Computing Environments

0
Edge AI is a ground-breaking new paradigm that has the potential to completely change how companies run. Organizations can seize new chances for creativity,...