Western Digital Provides Information on Network Security Incident

April 03, 2023 02:06 AM Eastern Daylight Time

SAN JOSE, Calif.–(BUSINESS WIRE)–Western Digital Corp. (NASDAQ: WDC) today provided information regarding a network security incident involving some of its systems and the Company’s active response to this matter.

On March 26, 2023, Western Digital identified a network security incident involving Western Digital’s systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company’s systems.

Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts. This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities.

The Company is implementing proactive measures to secure its business operations including taking systems and services offline and will continue taking additional steps as appropriate. As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services. Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data.

While Western Digital is focused on remediating this security incident, it has caused and may continue to cause disruption to parts of the Company’s business operations.

The Company will provide updates as appropriate.

for when they solve the problem, since I use the information from my cloud daily, or how could I withdraw my information from the device that I urgently need. please.

Unless you turned on local network acess while before the servers were down you’re pretty much stuck waiting unless you have a computer geek friend that can decrypt data.

In my case, the store doesn’t work, you don’t even dare to use the web

So their servers have been hacked.

Can you guys confirm the impact of this incident on NAS user’s security? Is our files hacked as well?

If their servers have been hacked, it’s likely that impacted data will include their account holders’ credentials as well. However, our files are stored on our local devices on our own network. So it’s important to ensure to have security enabled and updated on your own network.

WD turned their authentication servers back on today, around 2 PM ET Apr 7, 2023 which will now allow local access to be enabled for those who missed it the last few months.

This is an encouraging sign because it suggests no user accounts data was breached, so it is unlikely that a threat actor could hack the My Cloud Home for now through the authentication service. It is important to have good firewall in your router that can take a log of suspicious activity and promptly email the administrator that information.

Updated 04/07/2023 05:14 PM instructions:
https://support-en.wd.com/app/answers/detailweb/a_id/50626

Question, If the local network access is now available, is it possible to establish the tailscale as you instructed earlier ?

Yes, of course. Local access on the MCH only had to be enabled once, but without prior enabling of local access, Tailscale would not have been able to see the MCH, but now with WD authentication working and with ‘local access’ enabled, the Tailscale (software) subnet router can now provide routing for the MCH if set up as described:

Many thanks, this’ll help alot

That is one implication. Another choice would be that given the outcry; and having no path to remedy the problem - - - -they just turned on the servers while they worked out other problems.

While a simple ransomware problem is likely. . . . and it is taking a week (WTH) to restore a simply safepoint backup. it is ALSO possible the data is flat out compromised.

What I would do is establish the local access; with the FIRST action to be to CHANGE ALL PASSWORDS ON THE SYSTEM