Western Digital, which specializes in devices and storage services, has provided some more information on the attack and its consequences.
In a recent press release, Western Digital (WD) said that an unauthorized party has accessed a database containing information about its online store. Unauthorized access to stored information includes customer names, billing and shipping addresses, email addresses, and phone numbers.
In addition, the attacker also gained access to encrypted databases, passwords and part of credit card numbers. The company said it will contact affected customers directly
The release also mentions that the hacker shared a file that was digitally signed with Western Digital ‘s code signing certificate , suggesting that hackers could digitally sign files to impersonate the company. There were two security researchers investigating and authenticating. Western Digital says it is investigating the validity of the data. Hackers claim to have downloaded about 10 TB of data in the system breach.
In early April, Western Digital admitted that its network was hacked on March 26, 2023 and obtained certain data.
During the investigation of the attack, WD removed the systems from the internet. That’s why My Cloud online storage services stopped working for about 10 days in April. Currently, the company’s online store is still closed, Western Digital said it will reopen from May 15