In case you haven’t heard, Western Digital suffered a pretty serious security breach in March of this year. How serious is it? It was severe enough that the company manually shut down the My Cloud service for over a week, during which customers lost all access to their remote files. Six weeks later, the company released the results of its internal investigation, and it’s not pretty.
According to emails sent to Western Digital customers (via Bleeping Computer), the company says hackers were able to obtain a customer database that included names, phone numbers, shipping and billing addresses, email addresses, and some credit card numbers. Password data was also stolen, but those files were encrypted, hashed, and “salted,” making the risk particularly low for that particular file.
The data appears to be mostly linked to Western Digital’s online store and not to the My Cloud service… Western Digital is expected to close its online store for the time being and reopen access next week.
According to Bleeping Computer, the hackers showed evidence of at least some access to Western Digital’s network as recently as April 28, presumably to extort ransom money. We recommend that anyone with a Western Digital store account or My Drive account change their password (you may also want to look into a password manager).