Western Digital discloses network breach, My Cloud service down

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,556
Western Digital announced today that its network has been breached and an unauthorized party gained access to multiple company systems.

The California-based computer drive maker and provider of data storage services says in a press release that the network security incident was identified last Sunday, on March 26.

An investigation is in early stages and the company is coordinating efforts with law enforcement authorities.

“Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts,” Western Digital says in the disclosure.

Based on evidence found so far, the company believes that the intruder had access to some of the company data.

My Cloud service down

In the wake of the attack, the storage maker has implemented additional security measures to safeguard its systems and operations. These steps may impact some of the Western Digital services.

The company said that the incident "has caused and may continue to cause disruption to parts of the Company’s business operations."

Since Sunday, multiple users of Western Digital’s network-attached storage (NAS) service My Cloud have been reporting they couldn't access their cloud-hosted media repositories.

At time of writing, trying to log into the service, including the Home version, shows a "503 Service Temporarily Unavailable" error.

More than 24 hours have passed since the first reports of the outage, with cloud, proxy, web, authentication, emails, and push notifications being unavailable.

The My Cloud service status page notes that the issue is affecting the following products: My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, SanDisk Ixpand Wireless Charger.
 

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,480
Users of the Western Digital My Cloud service are fuming after a network breach has locked them out of their data for more than 24 hours and has put company-handled information into the hands of currently unknown hackers. The inability to access data stored in My Cloud was reported on social media by multiple users, including this one, who indicated the outage started sometime on Saturday. Since then, the number of users (and their anxiety levels) have only ratcheted up.
 

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,480
On Friday, five days into a massive outage impacting its cloud services, Western Digital provided customers with a workaround to access their files. Since April 2nd, the outage has prevented users from accessing files stored on their WD NAS devices, as it required access to the company's cloud services. The complete list of services that were down throughout this week includes My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS 5, SanDisk ibi, and SanDisk Ixpand Wireless Charger, together with linked mobile, desktop, and web apps.

I wonder if this earlier issue is related
 

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,480
“We are the vermin who breached your company. Perhaps your attention is needed!” the hackers wrote, according to a copy of the email the hackers shared with TechCrunch. “Continue down this path and we will retaliate.” “We only need a one-time payment, and then we will leave your network and let you know about your weaknesses. No lasting harm has been done. But if there are any efforts to interfere with us, our systems, or anything else. We will strike back,” the hackers continued. “We are still buried in your network and we will keep digging there until we find a payment from you. We can completely conceal this and make it all disappear.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Another message from ALPHV, the group behind the Western Digital hack, where they also acknowledge the TechCrunch interview in BryanB's post above mine.. There is some nasty vulgarity which I've blotted out (no I do NOT want warning points on my profile, thanks). You can find the original text on the original source's Twitter homepage.

alphvransomware.PNG

https://twitter.com/vxunderground

Edited to remove direct link.
 
Last edited:

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,480
From the screenshots leaked by ALPHV, the threat actors are implying that they had continued access to some of Western Digital's systems as they show video conferences and emails about the attack. One image includes the "media holding statement" and another is an email about employees leaking information about the attack to the press. Included with the leaked data is another message from the threat actors, where they claim to have customers' personal information and a complete backup of WD's SAP Backofffice implementation.
 

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,480
After learning that hackers obtained sensitive personal information in a cyberattack in March, Western Digital pulled its store offline and notified consumers of the data breach. Late Friday afternoon, the business sent out emails warning of the data breach and informing clients that their personal information was contained in a Western Digital database that had been stolen. “Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers,” Western Digital said.
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Western Digital is warning owners of My Cloud series devices that can no longer connect to cloud services starting on June 15, 2023, if the devices are not upgraded to the latest firmware, version 5.26.202.

The storage manufacturer decided to take this drastic measure to protect its users from cyberattacks, as the latest firmware addresses a remotely exploitable vulnerability that can be leveraged to perform unauthenticated code execution.

"Devices on firmware below 5.26.202 will not be able to connect to Western Digital cloud services starting June 15, 2023, and users will not be able to access data on their device through mycloud.com and the My Cloud OS 5 mobile app until they update the device to the latest firmware," explains a Western Digital support bulletin.
For more information
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top