Western Digital Cyberattack: Unveiling the Stolen Data and Fallout

Previously, Western Digital fell victim to a cyberattack, prompting the company to urgently shut down its My Cloud system for Western Digital NAS devices, which resumed operation after ten days.

Over a month has elapsed since the hacking incident, and Western Digital has finally disclosed some substantive information: a portion of user data from Western Digital’s online store was stolen, as well as two code signing certificates.

Regarding the online store, the pilfered data encompasses account names, salted password hashes, customer names, email addresses, billing addresses, shipping addresses, phone numbers, and partial credit card numbers.

Western Digital will directly contact affected customers; a user who does receive an email or phone call from the company can take it as a sign that their data has been compromised.

In terms of code signing certificates, the hackers seized two from Western Digital. These certificates are primarily used for software, drivers, and firmware produced by the company. With the stolen certificates, attackers could potentially sign phishing software and malware. Western Digital added that the hackers gained control of their digital certificate infrastructure.

Unfortunately, Western Digital has not said whether it worked with Microsoft to revoke the certificates. Revoking the certificates would be a straightforward task for Western Digital and Microsoft. However, once they are revoked, previously released software signed with them might not install correctly. The situation is similar to the Nvidia certificate leak, where Microsoft intended to revoke the certificate but ultimately did not upon receiving clarification from Nvidia.

On April 3rd, Western Digital announced the cyberattack; My Cloud for Western Digital NAS devices resumed operation on April 13th, and a substantive report was released today. The Western Digital store is anticipated to return online around May 15th.