Best of 2023: Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!) | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

As we close out 2023, we at Security Boulevard wanted to highlight the most popular articles of the year. Following is the latest in our series of the Best of 2023.

Hack of WD systems leads to My Cloud service outage. Owners unable to access files.

Last week’s ransomware hack of Western Digital continues to reverberate. For the past several hours, WD’s My Cloud services have returned a terse 503 error. It’s still down, at time of writing.

Bizarrely, even though users have local files on the NAS, they’re inaccessible. In today’s SB Blogwatch, we shrug and shuck.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: FCC is listening.

Déjà Vu: Not Your Cloud

What’s the craic? Yana Gaur briefly broke the story—“Western Digital reports network security incident”:

Western Digital … is looking into a network security incident, after a breach in some systems disrupted parts of its business operations. The unauthorized party obtained certain data from its systems, and Western Digital is working to understand the nature and scope of that data, the company said.

I’m confused. It sounds like Bill Toulas’s cloud service is down—“My Cloud Service Down”:

March 26
Users of [the] NAS service My Cloud have been reporting they couldn’t access their cloud-hosted media. … Trying to log into the service … shows a “503 Service Temporarily Unavailable” error. The issue is affecting … My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, SanDisk Ixpand Wireless Charger.

The … incident was identified … on March 26. An investigation is in early stages and the company is coordinating efforts with law enforcement. [WD] believes that the intruder had access to some of the company data.

OIC. Whodunnit? Is it ransomware? Carly Page turns and shrugs—“Western Digital says hackers stole data”:

Western Digital hasn’t confirmed the nature of the incident … but its statement suggests the incident may be linked to ransomware. [But] the incident does not appear to have yet been claimed by any major ransomware group.

Western Digital notes that the incident “has caused and may continue to cause disruption” to the company’s business operations. … It’s not yet known who was behind the attack.

Cloud FTW? u/gruffdonut is not a fan:

This is why I’m hesitant about … cloud based services. Poof! They flipped the switch and you can’t access your files. Factor in the security breach and this gets a little more scary.

But surely people have access to a local copy? Alejandro Lorente—@jalc_79—thinks not:

The login service for WD My Cloud Home is unavailable. Thank you, Western Digital, for not letting me access my data that I have in the living room.

This is fine. Blazde reimagines the marketing blurb:

My Cloud Home. It’s a cloud in your home! All the disadvantages of centralised storage on your premises together with all the disadvantages of cloud storage. Available now.

I’d guess there probably is some way to access data locally (perhaps depending on configuration)? Can’t confirm because the User Manual on WD’s site is currently 503 Service Unavailable.

Apparently not. So what’s a better plan? NKosmatos gets real:

I pity those who trust their own data and rely on 3rd party companies: Your data are only yours if you have them locally. Yes, it’s nice and convenient to have everything online, but that’s the 2nd or 3rd place you should store your data.

The problem is that many people relied only on MyCloud, so they had a single point of failure in their workflows. … Store your data locally, store your backup on another device/medium (preferably at another location) and finally store a 3rd copy online (even better if you store different copies online at different cloud providers).

P.S., I own a WD My Cloud “NAS” and I have disabled Cloud Access.

Are you feeling any déjà vu? u/AK-Brian reminds us why:

At this point it’s a bit of a tradition for WD. I wonder how they’ll top it next year? Perhaps an ecommerce site breach would be a nice change of pace.

What other cloud services are at risk? VoiceOfTruth ponders the pachyderm in the parlor: [You’re fired—Ed.]

It will probably happen with software that “needs” to phone home too. I wonder how Adobe copes if its licence servers are unreachable. There’s too many software customer-milkers going down this route of subscription software.

Meanwhile, @___TheRealTruth is having a clearout:

For sale: Used 6TB Home Duo. DM for details.

And Finally:

The Feds are listening

Previously in And Finally

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: Knowledgebattle (cc:by-sa; leveled and cropped)

Recent Articles By Author


Click Here For The Original Story From This Source.

National Cyber Security