Western Digital hackers publish leaked images to taunt storage giant

News
By Sead Fadilpašić
published

More than two dozen screenshots leaked

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)

Hackers that breached Western Digital’s (WD) systems and stole sensitive data in late March 2023 have posted a series of screenshots of internal emails and other company communication which they say shows WD’s poor efforts to address the incident. 

Cybersecurity researcher Dominic Alvieri discovered a total of 29 screenshots showing emails, documents, and video conferences, all related to the actions WD took following the breach.

While one might think that the hackers still have access to WD’s systems and are taunting them this way, that doesn’t necessarily have to be the case. Usually, the first thing a company would do after discovering a data breach is try to learn how the hackers made their way inside and block the entrance. So, some time may pass between detecting a breach and responding to it, which could be the window during which the hackers grabbed these screenshots. 

Leaking info to the press

One of the screenshots shows a “media holding statement”, and another one shows employees allegedly leaking information about the breach to the media.

In late March this year, unnamed threat actors breached Western Digital’s systems and stole 10TB of sensitive data. They didn’t encrypt the endpoints, and claim to have no affiliation with any of the current ransomware groups, but after the breach, a message appeared on the ALPHV (BlackCat) leak site about the incident. 

Western Digital was urged to pay the ransom immediately, or risk getting hurt until they “cannot stand anymore”.

Read more

> Western Digital customers urged to update to latest version of My Cloud OS

> Hackers who breached Western Digital are now asking for a hefty ransom

> Here are the best endpoint security products

The hackers shared snippets of stolen information with TechCrunch, which showed files signed with WD’s code-signing keys, unlisted phone numbers, and screenshots of internal data. None of this could be independently verified, the media said. 

To tackle the breach, WD was forced to shut down its cloud services for two weeks, frustrating users of My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS 5, SanDisk ibi, and SanDisk Ixpand Wireless Charger. 

Western Digital did not comment on the leaked screenshots.

Via: BleepingComputer

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.