HomeHardwareNews
Customers' personal info stolen in data breach, Western Digital saysSSD makers admit names, addresses, and encrypted passwords were pinched
SSD makers admit names, addresses, and encrypted passwords were pinched
Western Digital, the PC storage giants behind some of thebest gaming SSDs, havereleased an updateon a data breach that occurred in late March. Uplifting news, it is not: the “network security incident” was a large-scale case of digital thievery, with the culprits stealing a database containing the names, billing and shipping addresses, email addresses, and telephone numbers of customers to WD’s online store.
The plundered database also included encrypted and salted passwords and partial credit card numbers, according to the statement. Western Digital are contacting affected users directly, and have temporarily shut down their store.
Top 12 Best Multiplayer Games to Play on PCWatch on YouTube
Top 12 Best Multiplayer Games to Play on PC
Though the company first publicly acknowledged the breach with apress releaseon April 3rd, more than a week after the March 26th incident took place, Western Digital kept quiet on both the content and the nature of the breach while they investigated.TechCrunch, however, soon reported it as an extortion attempt, with the then-unnamed hackers demanding an eight-figure sum for the stolen data’s return. Ransomware group BlackCat ultimately claimed responsibility, and according to security researcherDominic Alvierihave already been sharing screenshots of other pilfered material including Western Digital’s internal comms and videoconferences.
“We are aware that other alleged Western Digital information has been made public,” the latest WD statement reads. “We are investigating the validity of this data and will continue reporting our findings as appropriate.”
“Regarding reports of the potential to fraudulently use digital signing technology allegedly attributed to Western Digital in consumer products, we can confirm that we have control over our digital certificate infrastructure. In the event we need to take precautionary measures to protect customers, we are equipped to revoke certificates as needed. We’d like to remind consumers to always use caution when downloading applications from non-reputable sources on the Internet.”
