Posted on May 7, 2023 at 10:03 AM
Western Digital notifies customers of a data breach at the company
Western Digital has taken its store services offline and sent an alert notifying customers of a data breach. The company said that hackers obtained sensitive personal information in a cyberattack in March.
Western Digital says hackers stole data in a March cyberattack
The company sent an email regarding the data breach late Friday afternoon. In the email, the company warned its customers that data stored within a Western Digital database was stolen during the exploit.
The statement released by Western Digital on the matter also said that based on the investigation conducted by the company, the hackers had access to limited personal data belonging to customers using the company’s online store.
“Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers,” the company said in a statement.
The company’s statement further said that the stolen information included customers’ names, billing and shipping addresses, email addresses, and telephone numbers.
The company also said it had taken security measures to minimize the damage caused by this attack. According to the company, the relevant database used an encrypted format, stored passwords that were hashed and salted, and held only partial credit card numbers.
Western Digital also took its store offline as it continued investigating the incident. The store has also displayed a message saying that it would resume its services soon. The company further said that it was unable to process orders at the time. The company is planning to restore access to this store on May 15, 2023.
Western Digital has also warned affected customers to be vigilant and protect themselves against phishing attacks. The threat actors are also impersonating the company and using the stolen information to conduct further attacks, such as phishing campaigns, to gather more information from its customers.
A cyberattack against Western Digital
The notifications about this data breach come after Western Digital reported a cyberattack on March 26. By the time the company discovered the attack, the hackers had already stolen data from the company.
As part of its response to the attack, the company shut down its cloud services for two weeks. The shutdown affected desktop, mobile and web applications.
A report published by TechCrunch on the matter said that an unknown hacking group that breached Western Digital claimed to have stolen high volumes of data. The hackers claimed to have obtained illegal access to ten terabytes of data.
The threat actors behind this exploit have claimed that they are not a part of the ALPHV ransomware operations. The hackers said that they used the data leak website to extort funds from Western Digital. Their activities so far mark them as an extortion gang whose sole purpose is financial gain after conducting a hacking exploit.
The threat actors published a note on April 28 taunting the company about the attack. They also published screenshots showing that they had maintained access to the company’s network despite being detected. The images indicated that the measures taken by Western Digital to combat the attack had not been entirely successful, because the attackers continued to exfiltrate more information.
Besides gaining access to the stolen information, the hackers also claimed access to an SAP Backoffice database that contained information. The threat actors also shared screenshots of what appeared to be invoices belonging to the company’s customers. This activity shows that the threat actors might have gained access to a wider range of information than what had been reported by the company.
Since the images of more information stolen from Western Digital were shared, no more data has been released. The activity of this threat actor group suggests that they are still extorting Western Digital, hoping to secure a ransom payment from the company. The ALPHV ransomware group is notorious for launching ransomware attacks targeting various individuals.