InfoSecBulletin Cybersecurity for mankind
Western Digital has finally restored the My Cloud service after more than a week following a hack, but those behind the breach claim to have stolen customer data.
The My Cloud service returned on Wednesday, 10 days after Western Digital officially reported an outage that made the online storage platform inaccessible for users.
Registration open for ‘𝐔𝐀𝐏 𝐂𝐘𝐁𝐄𝐑 𝐒𝐈𝐄𝐆𝐄 𝟐𝟎𝟐𝟓’
By infosecbulletin
/ Monday , April 21 2025
𝐓𝐡𝐞 𝐂𝐲𝐛𝐞𝐫 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐂𝐥𝐮𝐛 of University of Asia Pacific (UAP) is going to arrange ‘𝐔𝐀𝐏 𝐂𝐘𝐁𝐄𝐑 𝐒𝐈𝐄𝐆𝐄 𝟐𝟎𝟐𝟓’ 𝐂𝐚𝐩𝐭𝐮𝐫𝐞 𝐓𝐡𝐞...
Read More
Samsung phone is saving your passwords in plain text
By infosecbulletin
/ Sunday , April 20 2025
You copy a password from your manager, thinking it's safe. Meanwhile, your phone is saving it in plain text. Samsung...
Read More
UK Software Firm Exposed 8 million of Healthcare Worker Records
By infosecbulletin
/ Saturday , April 19 2025
A data leak involving 8 million UK healthcare worker records, including IDs and financial information, was caused by a misconfigured...
Read More
GitHub Enterprise Server Vulns Expose Risk of Code Execution
By infosecbulletin
/ Saturday , April 19 2025
GitHub has released security updates for GitHub Enterprise Server to fix several vulnerabilities, including a high-severity flaw that could allow...
Read More
CVE-2025-2492
ASUS warns of critical auth bypass flaw in routers
By infosecbulletin
/ Friday , April 18 2025
Hackers can exploit a vulnerability in Asus routers to execute unauthorized functions. This serious issue, rated 9.2 out of 10,...
Read More
16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia
By infosecbulletin
/ Friday , April 18 2025
According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new technique called "symlink". This number...
Read More
Patch now! Critical Erlang/OTP SSH Vuln Allows UCE
By infosecbulletin
/ Friday , April 18 2025
A critical security flaw has been found in the Erlang/Open Telecom Platform (OTP) SSH implementation, allowing an attacker to run...
Read More
CISA warns of increasing risk tied to Oracle legacy Cloud leak
By infosecbulletin
/ Thursday , April 17 2025
On Wednesday, CISA alerted about increased breach risks due to the earlier compromise of legacy Oracle Cloud servers, emphasizing the...
Read More
CVE-2025-20236
Cisco Patches Unauthenticated RCE Flaw in Webex App
By infosecbulletin
/ Thursday , April 17 2025
Cisco issued a security advisory about a serious vulnerability in its Webex App that allows unauthenticated remote code execution (RCE)...
Read More
Apple released emergency security updates for 2 zero-day vulns
By infosecbulletin
/ Thursday , April 17 2025
On Wednesday, Apple released urgent operating system updates to address two security vulnerabilities that had already been exploited in highly...
Read More
The outage occurred right as Western Digital reported a breach that it first detected on March 26 involving hackers infiltrating the company’s systems and stealing some data. As a “proactive measure,” Western Digital took certain systems and services offline, likely to examine the full scope of the breach and to purge the hackers’ presence.
It’s unclear why My Cloud was down for so long, and what the hackers stole. Western Digital declined to offer any new comment. “This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities,” the company said on April 3.
However, TechCrunch spoke(Opens in a new window) to one of the hackers involved in the breach, who claims 10TB of company data was stolen, including information on customers.
The hacker says they asked Western Digital to pay at least an eight-figure sum or else the stolen data will be published online. However, TechCrunch notes the company appears to have shut down attempts by the hackers to negotiate a payment. It’s also important to note cybercriminals have every incentive to inflate or lie about their claims in order to pressure a company to pay up.
In the meantime, some Western Digital customers are demanding the company be more transparent about the breach and what might’ve been stolen. “We need to know what happened, have our details been compromised and what’s going to happen differently in future!?” wrote(Opens in a new window) one user on Facebook.
