Skip to main content

Western Digital comes clean about massive security breach

The popular PC storage manufacturer, Western Digital, has confirmed that it experienced a network security breach earlier this year, in which an unauthorized third party gained control of several of its systems.

The incident took place on March 26, 2023, but was immediately addressed by the manufacturer, with Western Digital reporting the breach bringing in top security experts to launch an investigation, which is currently ongoing, the company said in a statement.

Image used with permission by copyright holder

The bad actors in charge of the breach were able to get access to a copy of a database used to operate the Western Digital online store. Information from this database includes “personal customer information, such as names, billing and shipping addresses, email addresses, and telephone numbers,” as well as “Encrypted hashed and salted passwords and partial credit card numbers,” the company noted.

In collaboration with external forensic experts, the investigation aims to determine the brevity of the breach, and Western Digital said it plans to directly contact customers that have had their data compromised.

The company also warns customers against using digital signing technology that could be fraudulent, noting that it has “control over its digital certificate infrastructure,” and is “equipped to revoke certificates as needed.” Western Digital also reminds its users to be mindful when downloading applications from unofficial sources on the internet.

The brand said its systems and services are now restored since the initial breach and product shipments have not been affected as per customer demand. Services that were shut down, include My Cloud, which was restored on April 13, 2023. Western Digital online store accounts are set to be restored during the week of May 15, 2023.

Western Digital also notes with the investigation being ongoing, that its forward-looking statements are not concrete, and updates that might come in the future might give different details than what the company is saying now.

Still, Western Digital has been much more open about its breach than many other companies traditionally. In October 2022, Microsoft servers suffered a breach that potentially affected over 65,000 entities across 111 countries and the company declined to comment. In August 2022, The Android-based payment system, Wiseasy, well-known in the Asia-Pacific region suffered a malware hack. Reports at the time said there was no information on whether Wiseasy had plans to directly tell its customers about the hack.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
Robinhood reports data breach affecting 7 million customers
Robinhood app on a smartphone.

Online stock trading platform Robinhood has been hit by a data breach affecting about seven million of its customers, the company revealed on Monday, November 8.

The Menlo Park, California-based company said the “data security incident” took place on Wednesday, November 3, when an unauthorized third party “obtained access to a limited amount of personal information.”

Read more
Nvidia warns owners of its GPUs about a dangerous security vulnerability
Promotional photo of an Nvidia GeForce RTX 3090 graphics card.

Nvidia is warning GPU owners to update their graphics card drivers after the company discovered several high-level security vulnerabilities. ThreatPost reports that Nvidia found bugs in its virtual GPU software and the display driver that's required for the graphics card to function.

Nvidia has a table showing the drivers for its different product lines across Windows and Linux, but it doesn't really matter. It seems GeForce, Quadro, and Tesla drivers are vulnerable across Windows and Linux, so it's best to update your graphics driver regardless.

Read more
Safari is about to have a huge security advantage over Google Chrome
iphone 6 air features release rumors touchid hand

If you use an iPhone or an iPad, you've been able to launch your favorite banking app and authenticate using your biometrics in lieu of a password since Touch ID's debut, and now Apple is looking to expand password-less logins to websites. At the Worldwide Developers Conference, Apple informed developers that Safari 14 will bring Face ID and Touch ID to websites that support Fast Identity Online (FIDO) logins on iOS, iPad OS, and macOS.

The feature, based on Web Authentication and implemented by Apple as Platform Authenticator, is expected to arrive by the end of the year and will debut with iOS 14 and macOS Big Sur, the Mac-maker stated.

Read more