HPE has disclosed hackers have accessed data repositories for their Aruba Central network monitoring platform and collected data about monitored devices and their locations, according to media reports.
Aruba Central is a cloud networking solution that allows administrators to manage large networks and components from a single dashboard.
HPE disclosed that hackers obtained an access key that allowed them to view customer data stored in the Aruba Central environment. Hackers had access key for 18 days between October 9th, 2021, and October 27th, when HPE revoked the key.
“We are aware of how the threat actors gained access and have taken steps to prevent it in the future. The access tokens were not tied to our internal systems. Our internal systems were not breached in this incident,” HPE said.
The exposed repositories contained two datasets, one for network analytics and the other for Aruba Central’s Contract Tracing feature.
One dataset (network analytics) contained network telemetry data for most Aruba Central customers about Wi-Fi client devices connected to customer Wi-Fi networks. A second dataset (contact tracing) contained location-oriented data about Wi-Fi client devices including which devices were in proximity to other Wi-Fi client devices, explains an Aruba Central FAQ about the security incident.
The network analytics dataset exposed in these repositories included MAC addresses, IP addresses, operating systems, hostname, and for authenticated Wi-Fi networks, a person’s username.
The contract tracing dataset also included the date, time, and Wi-Fi access points users were connected to, potentially allowing the threat actor to track the general vicinity of users’ location.
The data repositories also contained records of date, time, and the physical Wi-Fi access point where a device was connected, which could allow the general vicinity of a user’s location to be determined. The environment did not include any sensitive or special categories of personal data (as defined by GDPR), reads the FAQ.