Hackers who claim to have breached Western Digital have reportedly stolen around 10 terabytes of data from the company and are holding it hostage. TechCrunch spoke to the hackers who appear to have control over Western Digital’s code-signing certificate, private phone numbers belonging to company executives, stolen SAP Backoffice data, and even managed to gain administrator access to Western Digital’s Microsoft Azure instance.
Western Digital reported a “network security incident” earlier this month that allowed an “unauthorized third party” to access data from the company’s systems. The incident put Western Digital’s cloud network out of action for 10 days, and the company only just managed to bring its My Cloud service back online earlier this week.
The hackers reportedly want a ransom payment to avoid data being published
TechCrunch reports that the hackers are trying to negotiate a ransom payment of a “minimum 8 figures” to not publish the stolen data. Western Digital declined to comment on the situation, and the company is currently coordinating with law enforcement authorities and working with outside security and forensic experts.
Western Digital has admitted that hackers “gained access to a number of the company’s systems,” and that the network security incident was first discovered on March 26th and disclosed a week later. While TechCrunch claims “reams” of customer data has been stolen, the report doesn’t detail exactly what.
Either way, Western Digital’s lack of transparency here isn’t exactly reassuring for customers. The company described its My Cloud issues as merely a “service interruption” or “outage,” in support notes published on Twitter. It’s clearly a little more than your average service outage.
This isn’t the first time Western Digital has been hit by security issues. Hackers were able to mass-wipe lots of My Book Live cloud storage products in 2021 due to a 0-day exploit. Petabytes of data was estimated to be affected, and Western Digital was forced to provide free data recovery services and a trade-in program for My Book Live owners.