Western Digital network security incident and service outage
US-based data storage company Western Digital has announced that it has suffered a network security incident that resulted in an unauthorized third party gaining access to a number of the company’s systems and some company data.
These are the most important details from the terse and very vague press release:
- Western Digital identified the network security incident on March 26, 2023
- The company started IR efforts with the help of external security and forensic experts, and law enforcement is being kept in the loop
- The company “implementing proactive measures to secure its business operations including taking systems and services offline” and is working to restore impacted infrastructure and services
- The attacker grabbed some data, but the nature and scope of that data is yet to be determined.
Service outage
Potential evidence of service disruption comes from the service status page of Western Digital’s My Cloud cloud storage service.
Current WD My Cloud service status
“Western Digital is currently experiencing a service outage impacting the following products: My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, SanDisk Ixpand Wireless Charger. We are working to restore service. We apologize for any inconvenience,” the company said on Sunday.
Users have also taken to Twitter to complain:
The login service for WD My Cloud Home is unavailable. Try logging in using the https://t.co/wlmcTr6SfC website or the WD My Cloud app.
— ➡️JanisF🤣 (@JanisF16) April 2, 2023
The login service for WD My Cloud Home is unavailable. Thank you @westerndigital for not letting me access my data that I have in the living room pic.twitter.com/u0gjlh8ssi
— Alejandro Lorente (@jalc_79) April 2, 2023
The company has still not published the press release on their website or made the announcement via social media. We’ve contacted the company for additional details, and will be updating this item when we know more.
UPDATE (April 5, 2023, 03:45 a.m. ET):
According to the WD My Cloud service status page, the services are still down.
Even users who want to access their data stored in local storage devices over the local network must authenticate themselves on MyCloud.com, which is currently unavailable, and they have been effectively locked out.