Western Digital Cyber Incident Update- WHAT HAPPENED??

WD Hit By Cyber Attack. WD My Cloud Offline, WD Shop Down – What Happened?

It has now been 20 days since WD initially identified that it was hit by a massively impactful cyber security incident on March 26th. Although further details on the nature of the incident, the impact in terms of data loss/theft and where they are at in terms of their investigations have not been especially forth-coming from the brand, we have learnt quite alot regarding from the hackers themselves (thanks to some fantastic work from the guys over at TechCrunch here). However, data leaks by Western Digital and how much of the impacted data is consumer based is only half the story. For 10 days, we saw the WD My Cloud remote cloud services suspended, which has been a fantastically large pain in the bum the thousands upon thousands o fWD My Cloud users who suddenly found that the NAS in their possession was suddenly a remarkably large paperweight. Access to the My Cloud services has now been restored and in this downtime period they did direct users on how to allow local/LAN access on their systems that are chiefly built around remote access being the default state (which, side note, results in switching this over being way too complicated when compared to other NAS systems – see here). But what happened? What do we know? What do the hackers in question say they got away with and want in return? Let’s go over everything we know after.

When did the Western Digital Data Breach Take Place?

Western Digital first shared news of the breach on April 3rd 2023, detailing that the breach had occurred on Sunday, March 26th 2023. 

A Message from Western Digital via Newswire:

April 03, 2023 02:06 AM Eastern Daylight Time – HERE SAN JOSE, Calif.–(BUSINESS WIRE)–Western Digital Corp. (NASDAQ: WDC) today provided information regarding a network security incident involving some of its systems and the Company’s active response to this matter. On March 26, 2023, Western Digital identified a network security incident involving Western Digital’s systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company’s systems. Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts. This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities. The Company is implementing proactive measures to secure its business operations including taking systems and services offline and will continue taking additional steps as appropriate. As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services. Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data. While Western Digital is focused on remediating this security incident, it has caused and may continue to cause disruption to parts of the Company’s business operations. The Company will provide updates as appropriate.

This isn’t the first time a Western Digital breach has compromised customer files. Back in 2021, we saw the mass wiping remote attack of many WD My Book Live and WD My Book Live Duo NAS systems (HERE), impacting resulting in a loss of estimated petabytes of WD end-user data. This resulted in WD providing free data recovery services, ongoing support where appropriate and changes to their policy around a trade-in program for My Book Live owners in order to reinstate services. Below is my video where we covered the WD My Book Live / My Book Live Duo Remote Hack Attack in June 2021:

Was Any Data Stolen in the WD Data Breach?

When asked, WD was pretty tight-lipped on this, offering just “This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities”, on the 3rd April. Going on further, they added that “Western Digital identified a network security incident involving Western Digital’s systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company’s systems.” via BusinessWire, they added “The Company is implementing proactive measures to secure its business operations including taking systems and services offline and will continue taking additional steps as appropriate. As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services. Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data.”

However, according to Lorenzo Franceschi-Bicchierai over on TechCrunch, the perpetrators who managed to infiltrate and hack Western Digital claim to have stolen around 10TB of data from the company, including extensive customer information. They are pushing the company to negotiate a ransom — of a “minimum 8 figures” — in exchange for not publishing the stolen data. speaking with TechCrunch and the representative of the hack shared a file that was digitally signed with Western Digital’s code-signing certificate, showing they could now digitally sign files to impersonate Western Digital. Two security researchers also looked at the file and agreed it is signed with the company’s certificate.

The hackers also shared phone numbers allegedly belonging to several company executives. TechCrunch called the numbers. Most of the calls rang but went to automated voicemail messages. Two of the phone numbers had voicemail greetings that mentioned the names of the executives that the hackers claimed were associated with the numbers. The two phone numbers are not public. Screenshots shared by the hacker show a folder from a Box account apparently belonging to Western Digital, an internal email, files stored in a PrivateArk instance (a cybersecurity product) and a screenshot of a group call where one of the participants is identified as Western Digital’s chief information security officer. They also said they were able to steal data from the company’s SAP Backoffice, a back-end interface that helps companies manage e-commerce data.

Again, rather than just continue to repeat their coverage, I cannot recommend enough that you read the original TechCrunch Article by clicking below. It’s a real eye-opener!

If Western Digital doesn’t get back to them, the group have stated that they are ready to start publishing the stolen data on the website of the ransomware gang, Alphv. The hacker said they are not directly affiliated with Alphv but “I know them to be professional.”

What Has This Attack Got To Do With WD My Cloud?

From the WD My Cloud Status Page:

Service Outage – HERE 07 Apr 2023 Product Owners of My Cloud Home, My Cloud Home Duo, and SanDisk ibi, We are currently experiencing a service interruption that is preventing files access and use of the applications provided for your product, including the mobile, desktop, and web apps. During this service interruption, you may now access files stored locally on your device using a feature called Local Access. The Local Access feature allows you to directly access your personal files from a Windows or MacOS computer that is connected to the same network as your device. To enable Local Access, use your favorite browser and connect to your device’s Dashboard. Then enable the Local Access feature and create a new Local Access account. For more detailed instructions and walk-thru video, visit this knowledge base article. For the My Cloud OS5 (My Cloud PR series and EX series) products, local access is already enabled and functional. We continue to make every effort to restore all services as quickly as possible and will provide updates as we have them. We apologize for any inconvenience and appreciate the patience of our user community as we continue our urgent efforts to restore all services.

To enable local-only access, follow this guide HERE. Alternatively, you can use the official WD video below to guide you through the process:

Are WD My Cloud Services Back Online?

Yes, as of 12th April 2023, WD My Cloud Access has since been restored (see tweet below):

See more

My Cloud service has been restored.

To all customers who have been affected during this outage, thank you for your patience.

If you have issues or need help, please contact our support channel @westerndigicare. pic.twitter.com/93TxUqvZdl

— Western Digital (@westerndigital) April 12, 2023

Likewise, the service status pages from the WD official pages have since been updated:

From the WD My Cloud Status Page:

Service Outage – HERE Service Outage 12 Apr 2023 Services are back online and fully operational.

While that has now been restored, Western Digital’s global store had something of a bumpy road too. For a while, it did not allow any kind of access, detailing a familiar ‘down for maintenance’ style message when visited. This has been improved now, but not resolved. WD still remain very tight-lipped on the event, but hopefully, we will get some more meaningful post-analysis about this incident later. The big, BIG question of course, surrounds the details of the leaked data. I do NOT think the data is lost (WD likely has 10 kinds of backup running at any time!) but it would seem that data has certainly been accessed and taken. As of 14th April, the WD Shop, although up and running, does not allow any kind of order fulfilment/purchasing – pushing orders through to recommended resellers in all regions. This is not unusual (especially when stock of a particular SKU/Model is not in WD central stock), but to have this across the entire eStore is disconcerting to say the least!

Were you impacted by the recent WD My Cloud Service outage? Or are you STILL being impacted by it? Please share your thoughts and input in the comments below. Have a great weekend, and Backup, Backup, BACKUP!

If this incident has been the tipping point for you to make a move away from the WD My Cloud NAS platform, or you already have an older generation WD My Cloud system that is no longer supported in security and/or feature updates in the latest WD OS versions, you can use this article HERE to choose an appropriate Synology or QNAP NAS. Alternatively, you can watch the video below:

📧 SUBSCRIBE TO OUR NEWSLETTER 🔔

🔒 Join Inner Circle

This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

Need Advice on Data Storage from an Expert?

Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. TRY CHAT Terms and Conditions   Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.

☕ WE LOVE COFFEE ☕