Western Digital shut down its online services early last month, following the discovery of a security breach the company suffered. The immediate effect was that users were not able to make use online services, notably the My Cloud service. More recently, the company has a bit more details on the security incident.
While the investigation is still underway, the company acknowledges in a statement that “an unauthorised party obtained a copy of a Western Digital database used for our online store”. Said database contained some personal information on the company’s online store customers, including names, address and phone numbers. Also included in the leaked database, albeit encrypted, hashed and salted, were passwords and partial credit card numbers.
On the subject of online services, the company also says that it restored its My Cloud service on 13 April. As for the company’s online store, this is expected to be restored on the week of 15 May, or sometime next week..
The company also says that it is aware that “other alleged Western Digital information has been made public”. No elaboration on what these are, but the company says it is still investigating the validity of this claim. For what it’s worth, the company notes that it still has control over the digital certificate, something that hackers have also gained access to. The company also says that it can revoke those certs if needed.
Not too long after Western Digital initially announced that it was hacked, TechCrunch reported that an unnamed group of hackers had claimed responsibility for the incident. Said hackers were demanding an eight-figure ransom for the 10GB of data that they got away with, with the alternative being having the data published on the website of another hacker group. The company’s statement has made no mention of this ransom.
(Source: Western Digital)
The post Western Digital: Some Customer Info Leaked In Recent Security Breach appeared first on Lowyat.NET.