Western Digital Confirms Hackers Stole Customer Data, Including Phone Numbers
If you bought hardware from Western Digital’s online store, your personal data may soon be sold to cybercriminals.
Over a month after it suffered a breach, Western Digital confirms(Opens in a new window) the attackers stole customer data by obtaining a copy of a database for its online store. “This information included customer names, billing and shipping addresses, email addresses and telephone numbers,” it says.
“In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers,” the company adds. Hence, the stolen password data should be difficult, if not impossible, to crack, depending on the encryption used.
The company already emailed(Opens in a new window) affected customers to warn them to be on guard against phishing messages designed to trick potential targets into clicking malicious links or handing over their personal information. The memory maker also suspended account access to the Western Digital online store until May 15.
In the meantime, the hackers behind the breach are signaling they will share stolen customer details with other cybercriminals. “Beginning next week on an unspecified day, we will share leaks every week until we lose interest," the hackers posted in an April 28 message on the ALPHV ransomware gang’s website.
“Once that happens, we will put their intellectual property up for sale, including code signing certificates, firmware, personally identifiable information of customers, and more,” the hackers added. As evidence, the post contains screenshots of internal documents, emails, and videos seemingly taken from Western Digital during the breach.
It's not clear many users were ensnared in the incident. Western Digital didn’t immediately
Read more on pcmag.com
