Security News > 2021 > November > HPE says hackers breached Aruba Central using stolen access key
HPE has disclosed that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor to access collected data about monitored devices and their locations.
HPE disclosed today that a threat actor obtained an "Access key" that allowed them to view customer data stored in the Aruba Central environment.
"One dataset contained network telemetry data for most Aruba Central customers about Wi-Fi client devices connected to customer Wi-Fi networks. A second dataset contained location-oriented data about Wi-Fi client devices including which devices were in proximity to other Wi-Fi client devices," explains an Aruba Central FAQ about the security incident.
"The data repositories also contained records of date, time, and the physical Wi-Fi access point where a device was connected, which could allow the general vicinity of a user's location to be determined. The environment did not include any sensitive or special categories of personal data," reads the FAQ. As HPE's FAQ mentioned the word 'buckets' multiple times, a threat actor likely obtained the access key for a storage bucket used by the platform.
No more than 30 days of data was stored within the environment at any time, as data in the network analytics and contact tracing features of the Aruba Central environment is automatically deleted every 30 days.
The contact tracing data also included users' Access Point name, proximity, and duration of time connected to that AP. The likelihood that your personal data was accessed is extremely low, based on extensive analysis of access and traffic patterns.