We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

10TB of Data Stolen From Western Digital in Cyberattack

10TB of Data Stolen From Western Digital in Cyberattack
Zane Kennedy Published on 21st April 2023 Cybersecurity Researcher

Data storage giant Western Digital has been hacked by cybercriminals who claim to have stolen around 10 terabytes of data, including customer information. The hackers are demanding a ransom of a minimum of eight figures from Western Digital in exchange for not publishing the stolen data.

On April 3rd, Western Digital reported that on March 26th, it had "identified a network security incident involving Western Digital's systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the company's systems." The company did not provide much detail regarding the nature and scope of the stolen data at the time or how the hackers accessed the company's network.

The cybercriminals behind the attack contacted TechCrunch, who verified their claims. One of the hackers shared a file digitally signed with Western Digital's code-signing certificate, indicating that they could now digitally sign files to impersonate Western Digital. The hackers also shared private phone numbers allegedly belonging to several Western Digital executives.

TechCrunch called these numbers, and while several went to automated voicemail boxes, two had custom voicemail greetings that mentioned the names of the executives associated with the numbers.

The hackers shared screenshots showing a folder from a Box account allegedly belonging to Western Digital, an internal email, files stored in a PrivateArk instance (a cybersecurity product), and a screenshot of a group call where one participant was identified as Western Digital's chief information security officer. The hackers also claimed that they were able to steal data from the company's SAP Backoffice, a back-end interface for managing e-commerce data.

The hackers warned Western Digital stating, "We are still buried in your network, and we will keep digging there until we find a payment from you."

TechCrunch said that the hacker who spoke to them said their goal when they hacked Western Digital was to make money. The hackers have demanded a one-time payment from the company and have sent several executives emails regarding the ransom to their personal email addresses (as the corporate email system is down).

Western Digital declined to comment or answer questions about the hacker's claims, whether the company could confirm if the data stolen included customer data, and whether the company had made contact with the hackers.

If Western Digital fails to comply with the demands, the hackers have asserted that they are ready to publish the stolen data on the website of the ransomware gang Alphv.

About the Author

Zane is a Cybersecurity Researcher and Writer at vpnMentor. His extensive experience in the tech and cybersecurity industries provides readers with accurate and trustworthy news stories and articles. He aims to help individuals protect themselves through informative content and awareness of cybersecurity's crucial role in today's digital landscape.