Hackers claim vast access to Western Digital systems

The hackers who breached knowledge storage large Western Digital declare to have stolen round 10 terabytes of information from the corporate, together with reams of buyer data. The extortionists are pushing the corporate to barter a ransom — of a “minimal 8 figures” — in trade for not publishing the stolen knowledge.

On April 3, Western Digital disclosed “a community safety incident” saying hackers had exfiltrated knowledge after hacking into “quite a lot of the Firm’s techniques.” On the time, Western Digital supplied few particulars about precisely what knowledge the hackers stole, saying in a statement that the hackers “obtained sure knowledge from its techniques and [Western Digital] is working to grasp the character and scope of that knowledge.”

One of many hackers spoke with TechCrunch and supplied extra particulars, with the purpose of verifying their claims. The hacker shared a file that was digitally signed with Western Digital’s code-signing certificates, exhibiting they may now digitally signal recordsdata to impersonate Western Digital. Two safety researchers additionally appeared on the file and agreed it’s signed with the corporate’s certificates.

The hackers additionally shared cellphone numbers allegedly belonging to a number of firm executives. TechCrunch referred to as the numbers. Many of the calls rang however went to automated voicemail messages. Two of the cellphone numbers had voicemail greetings that talked about the names of the executives that the hackers claimed had been related to the numbers. The 2 cellphone numbers should not public.

Screenshots shared by the hacker present a folder from a Field account apparently belonging to Western Digital, an inside e mail, recordsdata saved in a PrivateArk occasion (a cybersecurity product) and a screenshot of a bunch name the place one of many contributors is recognized as Western Digital’s chief data safety officer.

Additionally they mentioned they had been in a position to steal knowledge from the corporate’s SAP Backoffice, a back-end interface that helps corporations handle e-commerce knowledge.

The hacker mentioned that their purpose once they hacked Western Digital was to generate profits, although they determined in opposition to utilizing ransomware to encrypt the corporate’s recordsdata.

“I need to give them an opportunity to pay however our callers […] they’ve referred to as them many instances. They don’t reply and in the event that they do they hear and dangle up,” the hacker mentioned.

The hacker mentioned they’ve additionally emailed a number of executives — utilizing their private e mail addresses as a result of the company e mail system is at present down — demanding a “one-time fee.”

“We’re the vermin who breached your organization. Maybe your consideration is required!” the hackers wrote, based on a duplicate of the e-mail the hackers shared with TechCrunch. “Proceed down this path and we’ll retaliate.”

“We solely want a one-time fee, after which we’ll depart your community and allow you to learn about your weaknesses. No lasting hurt has been performed. But when there are any efforts to intervene with us, our techniques, or anything. We’ll strike again,” the hackers continued. “We’re nonetheless buried in your community and we’ll preserve digging there till we discover a fee from you. We are able to utterly conceal this and make all of it disappear. Earlier than it’s too late, allow us to try this. Till now, you’ve got been gracious; Let’s hope that you don’t preserve going the flawed method.”

“Lower the crap, get the cash, and let’s each go our separate methods. Merely put, allow us to put our egos apart and work to discover a decision to this chaotic situation,” the hackers wrote.

Western Digital spokesperson Charlie Smalling mentioned the corporate declined to remark or reply questions concerning the hacker’s claims, comparable to whether or not the corporate might affirm the quantity of information stolen, if it included buyer knowledge and whether or not the corporate had made contact with the hackers.

The hacker who spoke to TechCrunch declined to specify what sort of buyer knowledge they’ve, how they initially broke into Western Digital’s community and the way they maintained entry to the corporate’s community.

“I can say that we exploited vulnerabilities inside their infrastructure and spidered our method to international administrator of their [Microsoft] Azure tenant,” the hacker mentioned.

As for why they hacked Western Digital, the hacker mentioned they only give you targets “randomly.” Additionally they declined to say something about themselves or the group, saying they don’t go by any title.

If Western Digital doesn’t get again to them, the hacker mentioned, they’re prepared to begin publishing the stolen knowledge on the web site of the ransomware gang Alphv. The hacker mentioned they don’t seem to be immediately affiliated with Alphv however “I do know them to be skilled.”

Do you’ve got extra details about the Western Digital hack? We’d love to listen to from you. You may contact Lorenzo Franceschi-Bicchierai securely on Sign at +1 917 257 1382, or by way of Wickr, Telegram and Wire @lorenzofb, or e mail lorenzo@techcrunch.com. You may also contact TechCrunch by way of SecureDrop.