A hacker breached Western Digital and stole data, and in response, the company has shut down a wide swathe of its services which is preventing users from accessing their My Cloud files.
On April 3, Western Digital disclosed that it had a security incident on March 26. It is still unknown who was responsible for the breach or if it was a ransomware attack.
However, some of Western Digital's data was stolen in the incident. The company is trying to determine how much data was affected and if it included information from customers.
Western Digital took the systems and services offline as a precautionary measure. The Western Digital-induced outage for the company's My Cloud services started on April 3, and the platform is still down.
As a result, users cannot access My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS 5, SanDisk ibi, and the SanDisk Ixpand Wireless Charger service.
"As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services," it reported. "Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data."
Ira Winkler, Field CISO and Vice President at CYE speculated that it might involve intellectual property theft.
"IP theft is unfortunately common in this industry, and Western Digital is a leader in the field and has a lot of data attractive to competitors," he told SDxCentral. "It is possible that they have some information about clients, such as warranty registration related information, and some personal information on their employees."
The investigation is ongoing, and Western Digital is working with security and forensic experts.
Backing up data
If Western Digital customers haven't already, they should ensure their data is backed up to multiple cloud services and offline hard drives, though that might not be possible at the moment if My Cloud is down.
A common refrain for data backups is known as the "rule of 3" or "3-2-1" strategy. It means having at least three copies of your data, two in one location and one at another site.
For example, Mac users can use Time Machine to back up their computers and store the data on external hard drives. Then, according to the 3-2-1 strategy, one or two of those hard drives can stay at home while one can be stored at a friend or family member's house.
People can also store their data on a cloud service like Apple's iCloud, Backblaze, or others. These two companies encrypt user data stored on their servers, making them an ideal choice to stay safe from data breaches.
15 Comments
Yup. Get yourself an external hard drive and use Time Machine. It's a super cheap solution to complement Internet backup services you may use. Or have 2 Time Machine backups even.
Interesting. I have one of their NAS devices with the option for external access turned off. I'm guessing it should be unaffected, but since I'm presently external to that location and have external access turned off, I'll have to wait to find out.
The reported "outage" started on April 2 with no updates since April 3 from Western Digital. Thousands of people are without their files and the customer service department fails to keep its customers updated about what is happening or the progress. We've been getting our information from people like you Andrew Orr. Thank you for posting and we hope you can find out more.
You can read more about what people are experiencing here at WD Community.
https://community.wd.com/c/home-cloud-storage/my-cloud-home/229
I own a couple of WD external drives for extra storage and local Time Machine backup. Drives have worked well but I always assumed their cloud service would be sketchy and never made use of it.
Their basic drives have been good for me but the company is terrible.
I was pushed into applying a firmware update onto an external drive using their universal firmware updater. It was supposedly for security reasons. The drive was out of warranty.
The update failed and all access to the drive was lost. I had other copies of the data but the company washed their hands of me.
Their only suggestion was to try and get the drive out of the enclosure and re-running the updater from a PC.
It was precisely the kind of situation that required stellar customer support. Dumping a generic disclaimer in the read me file of an update that they were pushing onto users for security reasons doesn't cut it.
I haven't bought another drive from them since and have steered well clear of their Cloud services.