Western Digital was breached by hackers who stole 10 terabytes of data, including customer data. The extortionists want the company to pay a “minimum 8 figures” ransom to keep the data private.
Western Digital reported “a network security incident” on April 3, saying hackers stole data from “a number of the Company’s systems.” Western Digital said the hackers “obtained certain data from its systems and [Western Digital] is working to understand the nature and scope of that data.”
One hacker gave more details to verify their claims. The hacker shared a file signed with Western Digital’s code-signing certificate, demonstrating their ability to impersonate Western Digital. Two security researchers verified the file’s signature.
The hackers also leaked executives’ private phone numbers. Most calls to the numbers went to voicemail, and two of the numbers had executive voicemail greetings.
The hacker shared screenshots of a Western Digital Box folder, an internal email, PrivateArk files, and a group call with Western Digital’s chief information security officer.
They also said they stole data from the company’s SAP Backoffice, which manages e-commerce data.
The hacker said they hacked Western Digital to make money, but they didn’t use ransomware.
“I want to give them a chance to pay but our callers […] have called them many times,” the hacker said. The hacker said the people called don’t answer, or listen and hang up.
The hacker also demanded a “one-time payment” from several executives via their personal email addresses since the corporate email system is down.
“We breached your company,” according to a copy of the hackers’ email. “Perhaps your attention is needed.” “We will retaliate.”
“We only need a one-time payment and will leave your network and tell you your weaknesses. No lasting damage.” The hackers promised to retaliate if they, their systems, or anything else are interfered with. “We are still buried in your network and will keep digging until we find a payment from you. We can hide this. Do it now. You’ve been gracious so far—let’s hope you don’t continue.”
“Cut the crap, get the money, and let’s part ways.” “Let us put our egos aside and find a solution to this chaotic scenario,” the hackers wrote.
Western Digital spokesperson Charlie Smalling declined to comment on the hacker’s claims, including whether the company had contacted the hackers, the amount of data stolen, and whether it included customer data.
The hacker wouldn’t say what customer data they stole, how they broke into Western Digital’s network, or how they maintained access.
“We exploited vulnerabilities within their infrastructure and spidered our way to global administrator of their [Microsoft] Azure tenant,” the hacker said.
The hacker said they chose Western Digital “randomly.” They also said they have no name.
The hacker threatened to publish the stolen data on Alphv’s website if Western Digital doesn’t respond. The hacker said, “I know them to be professional.”