Malicious actors have compromised the data repositories for HPE’s Aruba Central network monitoring platform and gained access to the collected data about user devices.
Aruba Central is a cloud-based network management solution that offers built-in analytics for actionable network and business insights.
According to HPE, the hackers obtained an access key, which provided access to a limited subset of information held in the Aruba Central cloud environment. The key was in the possession of hackers for 18 days (fr om October 9 to October 27, 2021). The key was revoked on October, 27 as part of regular security practices.
The affected repositories contained two datasets, one of which contained network telemetry data for most Aruba Central customers about Wi-Fi client devices connected to customer Wi-Fi networks, and the second dataset ("contact tracing") contained location-oriented data about Wi-Fi client devices including which devices were in proximity to other Wi-Fi client devices, HPE explained in FAQ about the incident.
The exposed data includes device MAC address, IP address, device operating system type and hostname, and, for Wi-Fi networks wh ere authentication is used, the username. The data repositories also contained records of date, time, and the physical Wi-Fi access point where a device was connected, which could allow the general vicinity of a user's location to be determined. The environment did not include any sensitive or special categories of personal data.
HPE believes that only a small amount (if any at all) of exposed information was stolen.
"Aruba engineers have analyzed the usage records of the exposed repositories and have correlated those records with known, authorized activity. The remaining unexplained activity represents a negligible proportion of all the data stored in the repositories. This lets us state definitively that the unauthorized actor did not view, download, or transfer out of the repositories any significant amount of data," HPE said.
According to the company, the security incident impacted only data for the last 30 days, as analytics and Contract Tracing data in the Aruba Central environment is deleted every 30 days. Personal data has not been compromised, so there is no need to change passwords, change keys, or alter network configuration.