HPE confirms security incident at Aruba Central; hackers access sensitive information

In its latest security alert, Hewlett Packard Enterprise (HPE) confirmed that the data repositories of its Aruba Central software solution were tapped by threat actors, who could access sensitive information. As some users may already know, Aruba Central is a cloud software deployment that makes it easy to manage large networks and components.

According to the company’s report, the attackers obtained an access key that allowed them to view the data stored throughout the Aruba Central environment. Threat actors remained active in the affected implementation since October 9; the compromised key was revoked by HPE until October 27.

A first affected repository contained network telemetry data for most Aruba Central customers over WiFi client devices. Moreover, the second set contained location-oriented data about client WiFi devices, including devices that were close to other client WiFi devices.

The first set of data includes details such as MAC addresses, IP addresses, operating system data, hostname, and even the names of WiFi network administrators. About the second set of data, this includes names, dates and WiFi access points that users connected to, which could be useful in some tracking campaigns.

Given the uncertainty generated by this first announcement, HPE issued a statement pointing out the main points of its research:

  • Stored records are equivalent to less than 30 days of information collected in each environment. Network analysis data is deleted from Aruba Central every month
  • Compromised information includes personal data, but not sensitive information or financial details that may be used in an electronic fraud campaign
  • The likelihood that customers’ personal data has been accessed is extremely low
  • HPE does not believe that password reset or modification of customer network settings is necessary to prevent subsequent security incidents

This was the last official update of the company, although it is assured that more details about this incident will be revealed in the coming days.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.