[BreachExchange] HPE says Aruba customer data compromised after data breach
Terrell Byrd
terrell.byrd at riskbasedsecurity.com
Tue Nov 16 15:50:46 EST 2021
https://techcrunch.com/2021/11/15/hpe-aruba-data-breach/

HPE has confirmed that a “limited subset” of customer data was taken in a
data breach involving its subsidiary Aruba Networks, a maker of networking
equipment.

The enterprise technology giant said in a statement that an unauthorized
person used a private key to gain access to customer data stored in its
Aruba Central cloud. HPE did not say how the hacker obtained the private
key, but said the key allowed access to cloud servers in multiple regions
where customer data was stored.

HPE bought Aruba Networks in 2015 for $3 billion in cash. Aruba provides
networking gear, like wireless access points, and network security for
companies. Through its dashboard, Aruba Central, companies can centrally
monitor and manage their Wi-Fi networks.

It’s the Wi-Fi data collected in Aruba Central that HPE said was
compromised. HPE said two data sets were exposed: one for network analytics
containing information about devices accessing a customer’s Wi-Fi network,
and a second data set containing location data about devices on the
network. HPE did not give more details about the granularity of the exposed
location data, but noted that the data “could allow the general vicinity of
a user’s location to be determined.”

Specifically, the data included details about a device, such as a device’s
MAC and IP address, device hostname and operating system and, in some
cases, the username of the user accessing a Wi-Fi network. HPE said
usernames are chosen by customers but could include a user’s name or an
email address.

Worse, although the data was both scrambled and encrypted, the company said
the private key had permission to use the decryption key; it wasn’t clear
if the data was ultimately decrypted. HPE said it was likely only a “very
small amount, if any” data was exfiltrated. The company added that it
wasn’t clear which specific customers or what files were taken because the
company does not keep logs of individual file access.

According to a statement, the hacker first used the key on October 9, but
HPE did not detect the intrusion until November 2. HPE automatically purges
data from its cloud servers every 30 days, so the amount of compromised
data was limited to records dating back to September 10.

HPE said it was notifying customers of the incident.