Hackers who successfully breached Western Digital’s systems in March 2023 have now published a series of screenshots, revealing internal emails and other company communications that allegedly demonstrate the storage giant’s inadequate response to the incident. The leaked images, discovered by cybersecurity researcher Dominic Alvieri, depict 29 screenshots capturing various aspects of WD’s actions following the breach.
While it is not confirmed whether the hackers still maintain access to WD’s systems and are taunting the company, it is important to note that the timeline of a data breach investigation and response typically involves a period of assessing the breach and securing the compromised systems. Therefore, there may have been a window of opportunity during which the hackers obtained these screenshots.
Among the leaked images, one screenshot shows a “media holding statement,” while another suggests that employees may have leaked information about the breach to the media. In March, unidentified threat actors breached Western Digital’s systems, exfiltrating 10 terabytes of sensitive data. Interestingly, the hackers claim no affiliation with any existing ransomware groups, but they did issue a message on the ALPHV (BlackCat) leak site, demanding an immediate ransom payment from Western Digital under the threat of further harm.
To substantiate their claims, the hackers shared partial stolen information with TechCrunch, which included files signed with WD’s code-signing keys, undisclosed phone numbers, and internal data screenshots. However, the authenticity of this information could not be independently verified by the media outlet.
In response to the breach, Western Digital was compelled to temporarily shut down its cloud services for two weeks, causing frustration among users of My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS 5, SanDisk ibi, and SanDisk Ixpand Wireless Charger.
As of now, Western Digital has not provided any official comment regarding the leaked screenshots or the breach incident. The exposure of internal communications underscores the urgent need for companies to strengthen their cybersecurity measures and promptly address any potential vulnerabilities to protect sensitive data and maintain customer trust.
