Western Digital hackers claim to have copied 10TB of company data
Western Digital confirmed a network security incident earlier this month, but did not reveal much in terms of information, as the investigation was still ongoing at the time. The company did shut down several of its systems as a consequence, including cloud-based systems for consumers, such as My Cloud.
One of the hackers involved in the attack appears to have talked to online magazine TechCrunch about the hack. It is not uncommon for malware groups to contact the press; this is a strategy for many extortion groups out there that try to pressure companies into paying a ransom. By giving popular sites and news outlets a sneak peek of the data in their hands, they may increase publicity and may convince companies to give in to their demands.
The hacker who contacted TechCrunch shared a file with the site that was digitally signed by a Western Digital certificate. TechCrunch had two security researchers verify the authenticity, which they did.
The hacker shared other information with TechCrunch, including non-public phone numbers of Western Digital executives, and screenshots of a Box account folder, internal email, files stored in a PrivateArk instance, and a group call with Western Digital's chief information security officer.
The hacker claims that they managed to download 10 terabytes of data from Western Digital's network and linked accounts. The group, which said it does not go by any name, is asking for an 8-figure payment in exchange for not publishing the data or selling it on the dark web. Western Digital did not respond to the revelation when contacted by TechCrunch.
Assuming that the hackers are indeed in possession of the data and have signing powers, there are quite a few scenarios as to how this can play out. Western Digital might pay and hope that the group keeps its word. It could also refuse to pay and brace for the impact as well as it can.
This would then include revoking certificates, extensive security assessments of its infrastructure, informing businesses and customers about potential fallouts, and more.
The hackers could try to sell the data to interested parties, which might then use it for phishing, malware campaigns and other activities. It is unclear if user data has been copied.
Now You: do you use WD's cloud services?