Hackers Breached Aruba Central
Hewlett Packard Enterprise Confirmed the Hack.
Hewlett Packard Enterprise (HPE), located in Houston, Texas, is an American global enterprise information technology company. HPE was created in San Jose, California, on November 1, 2015, as part of the Hewlett-Packard company's separation.
HPE has confirmed that data repositories for its Aruba Central network monitoring technology have been hacked, allowing a threat actor to gain access to data collected about monitored devices and their locations.
Aruba Central is a cloud networking platform that lets administrators manage massive networks and components from a single interface.
A threat actor obtained an "access key" that allowed them to examine customer data stored in the Aruba Central environment, HPE announced today. The threat actor had access for 18 days, from October 9th, 2021, until October 27th, 2021, when HPE canceled the key.
The repositories that were exposed contained two datasets, one for network analytics and the other for Aruba Central's "Contact Tracing" feature.
Q: What happened?
A: HPE/Aruba became aware that an access key which provided access to a limited subset of information held in the Aruba Central cloud environment was used by an unauthorized external actor. The data repositories exposed to the external actor contained information classified as “Customer Personal Data” under our Data Privacy and Security Addendum and as a result, we are notifying customers of the incident.
Q: Which data repositories were exposed?
A: One dataset (“network analytics”) contained network telemetry data for most Aruba Central customers about Wi-Fi client devices connected to customer Wi-Fi networks. A second dataset (“contact tracing”) contained location-oriented data about Wi-Fi client devices including which devices were in proximity to other Wi-Fi client devices.
Q: What was the Customer Personal Data?
A: The Customer Personal Data in the exposed data repositories consists of device Media Access Control (MAC) address, IP address, device operating system type and hostname, and, for Wi-Fi networks where authentication is used, the username. The data repositories also contained records of date, time, and the physical Wi-Fi access point where a device was connected, which could allow the general vicinity of a user’s location to be determined. The environment did not include any sensitive or special categories of personal data (as defined by GDPR).
It is possible that the threat actor obtained the access key for a storage bucket used by the platform.
After investigating the incident, HPE determined that no more than 30 days of data were retained in the environment at any given time since data in the Aruba Central environment’s network analytics and contact tracing functionalities were automatically erased every 30 days.
Personal data existed in the environment, but not sensitive personal data. MAC addresses, IP addresses, device operating system type and hostname, and certain usernames are among the personal data. Users' Access Point (AP) names, vicinity, and time spent connected to that AP were also included in the contact tracing data.
Based on rigorous monitoring of access and traffic patterns, the chances of your personal data being obtained are extremely minimal.
We feel there is no need to change passwords, update keys, or change your network setup because security-sensitive information was not exposed.
The journalists at BleepingComputer were the ones who contacted HPE.
According to a statement reported by the publication, HPE is changing how it protects and stores access keys to prevent future incidents.
We are aware of how the threat actors gained access and have taken steps to prevent it in the future. The access tokens were not tied to our internal systems. Our internal systems were not breached in this incident.
How Can Heimdal™ Help?
Heimdal™ Threat Prevention – Network provides unique threat hunting and ultimate visibility over an entire network, therefore offering A to Z protection, regardless of device or operating system.
Let our innovative AI detect and block any infected domains, allowing you to enjoy peace of mind when thinking about your business ecosystem.