Back in March, Western Digital revealed it had been hacked, and many of the company’s online services were down for two weeks as “proactive measures.” Now we know more about what hackers stole from WD customers.
Western Digital provided an update to its security investigation, saying, “we confirmed that an unauthorized party obtained a copy of a Western Digital database used for our online store that contained some personal information of our online store customers.” The stolen data included customer names, email address, telephone numbers, and billing and shipping addresses. There were also “hashed and salted passwords and partial credit card numbers” in the database, though Western Digital says that information was encrypted.
The hacking group responsible for the breach told TechCrunch that it obtained 10 TB of data, allegedly including “code signing certificates, firmware, personally identifiable information of customers, and more.” The hackers tried to extort WD for payment in exchange for not publishing the information, and Western Digital didn’t pay up. There still appears to be some data waiting to be published, so it’s possible we still don’t know the full extent of the damage to customers.
This is far from the first time Western Digital has had security problems, though most of them have been security vulnerabilities in the company’s NAS drives, rather than problems with online infrastructure. Western Digital wouldn’t say exactly how many customers are affected this time.
Source: Western Digital, TechCrunch