Friday, April 14th 2023

Western Digital My Cloud Service Hacked, Customer Data Under Ransom

Western Digital has declared that its My Cloud online service has been compromised by a group of hackers late last month: "On March 26, 2023, Western Digital identified a network security incident involving Western Digital's systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company's systems. Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts. This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities."

The statement, issued on April 4, continues: "The Company is implementing proactive measures to secure its business operations including taking systems and services offline and will continue taking additional steps as appropriate. As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services. Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data. While Western Digital is focused on remediating this security incident, it has caused and may continue to cause disruption to parts of the Company's business operations."
According to a news feature, published by TechCrunch, its author has been in contact with the perpetrator(s) responsible for the online attack. The group claims that it has stolen around 10 terabytes of data from the company, and a significant chunk of this information is comprised of customer information. A ransom request in the region of "a minimum 8 figures" has been dangled in front of Western Digital - the hackers are demanding a significant chunk of change in exchange for the return of stolen data. WD is facing the threat of its (previously private/secure) cloud customer base's information being published across the internet, but their first port of call will be on the website operated by ransomware crew Alphv (aka BlackCat). The hackers deny having any direct links to Alphv/BlackCat, but do acknowledge that they are appreciated for being "professional" within the online crime sector.
TechCrunch was granted access to a small sample of evidence courtesy of their contact within the hacking organization - including active customer phone numbers and a file that had been digitally authenticated with Western Digital's code-signing certificate. The hackers have boasted that they have also smashed through enough security measures in order to reach internal Western Digital staff systems - including corporate emails, e-commerce material and back-end interfaces.

The hackers are plainly motivated by the potential of making a lot of money from the attack - part of their statement (directed at WD) reads: "We only need a one-time payment, and then we will leave your network and let you know about your weaknesses. No lasting harm has been done. But if there are any efforts to interfere with us, our systems, or anything else. We will strike back. We are still buried in your network and we will keep digging there until we find a payment from you. We can completely conceal this and make it all disappear. Before it is too late, let us do that. Until now, you have been gracious; let's hope that you do not keep going the wrong way. Cut the crap, get the money, and let's both go our separate ways. Simply put, let us put our egos aside and work to find a resolution to this chaotic scenario."

Western Digital has yet to publish any official statement regarding potential interactions or negotiation proceedings occurring between it and the ransom holders.
Sources: Tech Crunch, Business Wire, Varonis Blog, Radware, emsisoft.com Blog
Add your own comment

41 Comments on Western Digital My Cloud Service Hacked, Customer Data Under Ransom

#1
P4-630
There you go with your save-in-the-cloud data.....:shadedshu:
Posted on Reply
#3
R0H1T
P4-630There you go with your save-in-the-cloud data.....:shadedshu:
Find a "better" cloud.
Posted on Reply
#4
WorringlyIndifferent
Lmao.

Always sad/funny to see people get duped into thinking "someone else's computer with no actual backups" is somehow better than having your own.
Posted on Reply
#5
P4-630
R0H1TFind a "better" cloud.
Asus keeping me spamming about their cloud....
Posted on Reply
#6
ThrashZone
Hi,
Guess they weren't using win-11 :laugh:
But yeah cloud good luck with that people.
Posted on Reply
#7
bobbybluz
P4-630There you go with your save-in-the-cloud data.....:shadedshu:
I don't trust anything I can't put a hand on and/or unplug.
Posted on Reply
#8
Frick
Fishfaced Nincompoop
P4-630There you go with your save-in-the-cloud data.....:shadedshu:
I'm confident Microsoft is better at IT security than I am.
ThrashZoneHi,
Guess they weren't using win-11 :laugh:
But yeah cloud good luck with that people.
You roll your own email? Strong man.

In any case, doesn't WD have several security cockups in their past? I didn't even know they had cloud storage, bit I guess it makes sense.
bobbybluzI don't trust anything I can't put a hand on and/or unplug.
How do you do mail, or communication?
Posted on Reply
#9
R0H1T
FrickI'm confident Microsoft is better at IT security than I am.
Yes generally speaking the big boys are much much better at it than anyone except perhaps doomsday preppers, never had any issues with my Gmail/google/Hotmail/outlook/AWS accounts. So in that they "can be" trusted a lot more, but having this data physically near you feels more "secure" for most people out there ~ even though in reality it's not.
Posted on Reply
#10
nienorgt
After the MyBook Live debacle, here another WD data leak...

It's not surprising that I've decided to learn to use my own self-hosting platforms like OneCloud so I know who to sue for being a noob at security (myself).
Nothing is really safe these days, so not paying for false promises of security make more and more sense as time passes.

(I'm mostly speaking of third party cloud services that don't own their own data center or rent it, Amazon AWS is certainly a very secure system, but renting AWS to host your own half-baked cloud system is not)
Posted on Reply
#11
bobbybluz
FrickI'm confident Microsoft is better at IT security than I am.


You roll your own email? Strong man.

In any case, doesn't WD have several security cockups in their past? I didn't even know they had cloud storage, bit I guess it makes sense.



How do you do mail, or communication?
I'm over 70. I still pay for most things by check, write actual snail mail letters and make plenty of telephone calls. Growing up around professional criminals made me very aware of security related things.
Posted on Reply
#12
R0H1T
Anything that's connected to the internet is at risk, if you really have something that important just keep it off the net.
Posted on Reply
#13
Ferrum Master
Remembers investing building my own OMV based home DIY NAS.

Reads this and thinks it pays off being paranoid.
Posted on Reply
#14
A Computer Guy
FrickIn any case, doesn't WD have several security cockups in their past?
Yea it was nasty.
"The My Book Live firmware is vulnerable to a remotely exploitable command injection vulnerability when the device has remote access enabled. This vulnerability may be exploited to run arbitrary commands with root privileges. Additionally, the My Book Live is vulnerable to an unauthenticated factory reset operation which allows an attacker to factory reset the device without authentication. The unauthenticated factory reset vulnerability been assigned CVE-2021-35941."
www.westerndigital.com/support/product-security/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo#:~:text=Analysis of Newly Identified Vulnerability,arbitrary commands with root privileges.
FrickHow do you do mail, or communication?
For really important stuff I go out into the woods with ski masks, night vision goggles, and a verity of musical tambourines for tapping out encrypted Morse code.
Posted on Reply
#15
ThrashZone
FrickYou roll your own email? Strong man.


How do you do mail, or communication?
Hi,
Sorry but what the hell does email have to do with cloud storage.
Posted on Reply
#16
bobbybluz
Ferrum MasterRemembers investing building my own OMV based home DIY NAS.

Reads this and thinks it pays off being paranoid.
There's nothing wrong with being paranoid. There are always lowlifes out to get you if given the opportunity. My late uncle supported himself and his family being a professional con-artist.
Posted on Reply
#17
R0H1T
Well you do have well paying jobs for that ~ politicians & bureaucrats.
Posted on Reply
#18
Frick
Fishfaced Nincompoop
ThrashZoneHi,
Sorry but what the hell does email have to do with cloud storage.
You just said cloud, so I thought you didn't like any cloud stuff, and email hosted by someone else definitely falls in that category.
Posted on Reply
#19
bobbybluz
R0H1TWell you do have well paying jobs for that ~ politicians & bureaucrats.
And telemarketers.
Posted on Reply
#21
bug
What do you expect when you buy your cloud from a manufacturer of hardware?
Posted on Reply
#22
MentalAcetylide
People want everything accessible 24/7 from everywhere, so this is what we get. Until there's an arm long enough to reach out & throttle the perpetrators, this is just going to keep happening. Its a lot easier for them to find exploits than it is to design a system with no exploits when it comes to data & computer networks.
Posted on Reply
#23
Dave65
Can't believe people use this..
Posted on Reply
#24
trsttte
A Computer GuyYea it was nasty.
"The My Book Live firmware is vulnerable to a remotely exploitable command injection vulnerability when the device has remote access enabled. This vulnerability may be exploited to run arbitrary commands with root privileges. Additionally, the My Book Live is vulnerable to an unauthenticated factory reset operation which allows an attacker to factory reset the device without authentication. The unauthenticated factory reset vulnerability been assigned CVE-2021-35941."
www.westerndigital.com/support/product-security/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo#:~:text=Analysis of Newly Identified Vulnerability,arbitrary commands with root privileges.
You left out the "best" part, the exploit was actively used with many units targeted being formated remotely

gizmodo.com/western-digital-confirms-my-book-live-drives-are-being-1847171372
Posted on Reply
#25
DeathtoGnomes
I see they opened the email and clicked.
A Computer GuyFor really important stuff I go out into the woods with ski masks, night vision goggles, and a verity of musical tambourines for tapping out encrypted Morse code
smoke signals by the early adopters.
Posted on Reply
Add your own comment
Dec 20th, 2024 12:46 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts