HPE has revealed that data repositories for its Aruba Central network monitoring technology have been hacked, allowing a threat actor to access gathered data on monitored devices and their whereabouts. Aruba Central is a cloud networking system that enables administrators to manage massive networks from a single location.
An “access key” was obtained by a threat actor, allowing him to examine customer data housed in the Aruba Central environment, according to HPE. Between October 9 – 27, 2021, when HPE canceled the key, the malicious actor had exposure for 18 days. Two datasets were published in the repositories, one for network analytics and another for Aruba Central’s ‘Contract Tracing‘ functionality.
According to an Aruba Central FAQ concerning the security problem, one dataset (“network analytics”) includes network telemetry data regarding Wi-Fi client devices connected to customer Wi-Fi networks for most Aruba Central customers. A second dataset (“contact tracing”) comprised location-oriented data about Wi-Fi client devices, including which devices were in the vicinity of other Wi-Fi client devices.
MAC addresses, IP addresses, operating systems, hostnames, and, for authorized Wi-Fi networks, a person’s username were among the network analytics data disclosed in these repositories. The date, time, and Wi-Fi access points users were linked to, were also included in the contract tracing record, possibly allowing the threat actor to monitor the approximate proximity of users’ position.
According to the FAQ, the data repositories also included records on the date, time, and the actual Wi-Fi access point to which a device was connected, which might be used to pinpoint a user’s geographical location. The environment did not contain any sensitive or special categories of personal data (as defined by GDPR).
Because the phrase ‘buckets’ appeared several times in HPE’s FAQ, a threat actor most likely gained the access key for a storage bucket employed by the platform. To avoid repeat occurrences, HPE says they’re modifying how they safeguard and store access keys.