In This Article:
The hackers who breached data storage giant Western Digital claim to have stolen around 10 terabytes of data from the company, including reams of customer information. The extortionists are pushing the company to negotiate a ransom — of a “minimum 8 figures” — in exchange for not publishing the stolen data.
On April 3, Western Digital disclosed “a network security incident” saying hackers had exfiltrated data after hacking into “a number of the Company’s systems.” At the time, Western Digital provided few details about exactly what data the hackers stole, saying in a statement that the hackers “obtained certain data from its systems and [Western Digital] is working to understand the nature and scope of that data.”
One of the hackers spoke with TechCrunch and provided more details, with the goal of verifying their claims. The hacker shared a file that was digitally signed with Western Digital’s code-signing certificate, showing they could now digitally sign files to impersonate Western Digital. Two security researchers also looked at the file and agreed it is signed with the company’s certificate.
The hackers also shared phone numbers allegedly belonging to several company executives. TechCrunch called the numbers. Most of the calls rang but went to automated voicemail messages. Two of the phone numbers had voicemail greetings that mentioned the names of the executives that the hackers claimed were associated with the numbers. The two phone numbers are not public.
Screenshots shared by the hacker show a folder from a Box account apparently belonging to Western Digital, an internal email, files stored in a PrivateArk instance (a cybersecurity product) and a screenshot of a group call where one of the participants is identified as Western Digital’s chief information security officer.
They also said they were able to steal data from the company’s SAP Backoffice, a back-end interface that helps companies manage e-commerce data.
The hacker said that their goal when they hacked Western Digital was to make money, though they decided against using ransomware to encrypt the company’s files.
“I want to give them a chance to pay but our callers [...] they have called them many times. They don’t answer and if they do they listen and hang up,” the hacker said.
The hacker said they have also emailed several executives — using their personal email addresses because the corporate email system is currently down — demanding a “one-time payment.”
“We are the vermin who breached your company. Perhaps your attention is needed!” the hackers wrote, according to a copy of the email the hackers shared with TechCrunch. “Continue down this path and we will retaliate.”