Hackers claim to have hacked Western Digital and to have taken 10 terabytes of data hostage. The hackers who were interviewed appear to be in control of Western Digital’s code-signing certificates, the private phone numbers of company executives and stolen SAP Backoffice data. They also managed to gain administrator rights to Western Digital’s Microsoft Azure instance.
Western Digital reported a “network security incident” earlier this month, which allowed “unauthorized third parties” to access the company’s data systems. Western Digital’s cloud service was out of commission for ten days. The company has only recently managed to bring back its My Cloud service.
Hackers reportedly demand a ransom to prevent data from being released
Reportedly, the hackers are negotiating a ransom of “minimum eight figures” in exchange for not publishing the stolen data. Western Digital has declined to comment. The company is working with external security and forensics experts and law enforcement authorities.
Western Digital admitted that hackers had “gained unauthorized access to some of the company’s system” and that the incident was discovered on 26 March and disclosed a week later. “Reams of data” have been stolen. However, the report does not specify what exactly was stolen.
Western Digital’s lack of transparency is not reassuring to customers. In support notes posted on Twitter, the company described the My Cloud problems as “service interruptions” or “outages”. This is clearly more than a typical service outage.
Western Digital has had security problems before. A 0-day vulnerability in 2021 allowed hackers to wipe large numbers of My Book Live products. Western Digital had to offer free data recovery and a trade-in service to My Book Live users.
The hacker also claimed to have emailed executives, using their personal email addresses because the corporate system is down at present, demanding a “one-time fee.”
“We are the vermin that infiltrated your company. Perhaps your attention is required!” the hackers wrote, according to an email that they sent. “Continue down this road and we will retaliate.”
“We will only ask for a single payment and then leave your network. We’ll also let you know your weaknesses. There has been no lasting damage. If there is any attempt to interfere with our systems or us in any way, we will strike back,” the hackers added. “We will strike back. We are still buried deep in your network, and we will continue to dig until we find payment from you. We can hide this completely and make everything disappear. Let’s do it before it is too late. You have been generous up to this point; let’s hope you don’t continue on the wrong path.”
“Cut the crap. Get the money. Let’s go separate ways. Let’s put aside our egos and find a solution to this chaotic situation,” wrote the hackers.
Western Digital spokesperson Charlie Smalling said that the company would not comment on or answer any questions regarding the hackers’ claims. This included whether it could confirm how much data was stolen, whether this data included customer data, and whether Western Digital had contacted the hackers.
The hacker who spoke refused to reveal what type of data they had, how they initially broke into Western Digital’s network and how they continued to maintain access.
“I can tell you that we exploited weaknesses within their infrastructure, and spidered our way to the global administrator of [Microsoft] Azure tenants,” the hacker said.
The hacker refused to reveal anything about himself or his group. They said that they do not have a name.
The hacker stated that if Western Digital does not get back to him, he is ready to publish the stolen data on the website of the ransomware gang Alphv. The hacker claimed that they were not directly associated with Alphv, but “I knew them to be professionals.”