Western Digital tells customers that hackers stole their data

On Friday, a month after the company revealed it had been the victim of a data breach, Western Digital published an update on the incident and notified customers that their data was stolen.

In a press release, the company said that on March 26 it detected a “a network security incident” where hackers “gained access to a number of the Company’s systems.”

“As a precautionary measure to secure our business operations, the Company proactively disconnected our systems and services from the public Internet. We are progressing through our restoration process and the majority of our impacted systems and services are now operational,” the company wrote.

Western Digital wrote that working with “outside forensic experts” it confirmed that hackers “obtained a copy of a Western Digital database used for our online store that contained some personal information of our online store customers.”

The stolen data included “customer names, billing and shipping addresses, email addresses and telephone numbers,” as well as “passwords and partial credit card numbers” that were encrypted, hashed, and salted, a process that hides the original plaintext data and makes it significantly harder for hackers to actually see the real passwords and partial credit card numbers.

The company also notified customers who were victims’ of the hack. A Western Digital customer shared the message the company sent him with TechCrunch, which matches the messages included in other articles.

In the message sent via email, the company told customers it was writing to notify them “about a network security incident involving your Western Digital online store account.”

The company also wrote that victims can take precautionary measures to protect themselves, including being “cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information,” avoiding clicking on links or downloading attachments “from suspicious emails,” and checking whether their email accounts have spam settings that can help detect and block “suspicious emails.”

Western Digital spokespeople Charlie Smalling declined to comment when asked to specify how many customers were affected, referring back to the update published Friday.

On April 3, Western Digital revealed it had been the victim of a data breach, without detailing the extent of the breach or what data had been stolen. Days later, one of the hackers involved in the attack told TechCrunch that the stolen data amounted to 10 terabytes and included customer information.

At the time, the hackers were trying to extort the company promising not to publish the stolen data.

“We are the vermin who breached your company. Perhaps your attention is needed!” the hackers wrote, according to a copy of the email the hackers shared with TechCrunch. “Continue down this path and we will retaliate.”

Apparently, Western Digital did not heed these pleas, because the hackers went on and published some of the stolen data on the website of the ransomware gang Alphv. In a post on April 28, the hackers said they would “share leaks every week until we lose interest” including “code signing certificates, firmware, personally identifiable information of customers, and more.”

It doesn’t appear the hackers have yet published the full trove of stolen data.


Do you have more information about the Western Digital hack? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.