Customers still can't access My Cloud data after Western Digital hack fallout
A hacker breached Western Digital and stole data, and in response, the company has shut down a wide swathe of its services which is preventing users from accessing their My Cloud files.
Breach at Western Digital
On April 3, Western Digital disclosed that it had a security incident on March 26. It is still unknown who was responsible for the breach or if it was a ransomware attack.
However, some of Western Digital's data was stolen in the incident. The company is trying to determine how much data was affected and if it included information from customers.
Western Digital took the systems and services offline as a precautionary measure. The Western Digital-induced outage for the company's My Cloud services started on April 3, and the platform is still down.
As a result, users cannot access My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS 5, SanDisk ibi, and the SanDisk Ixpand Wireless Charger service.
"As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services," it reported. "Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data."
My Cloud services are still down
Ira Winkler, Field CISO and Vice President at CYE speculated that it might involve intellectual property theft.
"IP theft is unfortunately common in this industry, and Western Digital is a leader in the field and has a lot of data attractive to competitors," he told SDxCentral. "It is possible that they have some information about clients, such as warranty registration related information, and some personal information on their employees."
The investigation is ongoing, and Western Digital is working with security and forensic experts.
A common refrain for data backups is known as the "rule of 3" or "3-2-1" strategy. It means having at least three copies of your data, two in one location and one at another site.
For example, Mac users can use Time Machine to back up their computers and store the data on external hard drives. Then, according to the 3-2-1 strategy, one or two of those hard drives can stay at home while one can be stored at a friend or family member's house.
People can also store their data on a cloud service like Apple's iCloud, Backblaze, or others. These two companies encrypt user data stored on their servers, making them an ideal choice to stay safe from data breaches.
Read on AppleInsider
Breach at Western Digital
On April 3, Western Digital disclosed that it had a security incident on March 26. It is still unknown who was responsible for the breach or if it was a ransomware attack.
However, some of Western Digital's data was stolen in the incident. The company is trying to determine how much data was affected and if it included information from customers.
Western Digital took the systems and services offline as a precautionary measure. The Western Digital-induced outage for the company's My Cloud services started on April 3, and the platform is still down.
As a result, users cannot access My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS 5, SanDisk ibi, and the SanDisk Ixpand Wireless Charger service.
"As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services," it reported. "Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data."
My Cloud services are still down
Ira Winkler, Field CISO and Vice President at CYE speculated that it might involve intellectual property theft.
"IP theft is unfortunately common in this industry, and Western Digital is a leader in the field and has a lot of data attractive to competitors," he told SDxCentral. "It is possible that they have some information about clients, such as warranty registration related information, and some personal information on their employees."
The investigation is ongoing, and Western Digital is working with security and forensic experts.
Backing up data
If Western Digital customers haven't already, they should ensure their data is backed up to multiple cloud services and offline hard drives, though that might not be possible at the moment if My Cloud is down.A common refrain for data backups is known as the "rule of 3" or "3-2-1" strategy. It means having at least three copies of your data, two in one location and one at another site.
For example, Mac users can use Time Machine to back up their computers and store the data on external hard drives. Then, according to the 3-2-1 strategy, one or two of those hard drives can stay at home while one can be stored at a friend or family member's house.
People can also store their data on a cloud service like Apple's iCloud, Backblaze, or others. These two companies encrypt user data stored on their servers, making them an ideal choice to stay safe from data breaches.
Read on AppleInsider
Comments
You can read more about what people are experiencing here at WD Community.
https://community.wd.com/c/home-cloud-storage/my-cloud-home/229
I was pushed into applying a firmware update onto an external drive using their universal firmware updater. It was supposedly for security reasons. The drive was out of warranty.
The update failed and all access to the drive was lost. I had other copies of the data but the company washed their hands of me.
Their only suggestion was to try and get the drive out of the enclosure and re-running the updater from a PC.
It was precisely the kind of situation that required stellar customer support. Dumping a generic disclaimer in the read me file of an update that they were pushing onto users for security reasons doesn't cut it.
I haven't bought another drive from them since and have steered well clear of their Cloud services.
Thanks
Stewart
I should add an offsite full backup (likely at a local bank safety deposit box) later this year for my mac (now that I'm retired). Local incremental backups to a Seagate drive, with most documents and email on iCloud. Also, a Gmail account for junk mail (larger free storage limit), and for use in an emergency (on a Chromebook).
The safety deposit box storage should cover me in the event of a home fire, tornado or bombing. Don't think I need to worry about a nuclear attack of the USAF base (I'd likely be vaporized).
One way to avoid this type of single point failure in a redundancy based strategy is to use different backup software or different backup strategies for some of your backups. For example, you can use Time Machine, with or without multiple disks, for some backups and also use Carbon Copy Cloner (or similar software like SuperDuper) that creates a full and optionally bootable backup of your entire machine.
I’ve had excellent recovery success using Time Machine, but I also keep copies of my data and content, but not applications, in iCloud and I also make a full bootable backup of my machine every few days to a separate disk using Carbon Copy Cloner. I also make archives of related data, e.g., everything associated with a project or event that occurs at certain time increments, for example, weekly, monthly, or yearly and copy those zipped archives to a separate storage media.
If you’re only keeping a single backup of your data up to date, say on TimeMachine, you are probably doing a whole lot more than what most people do. Beyond that it’s a personal choice and depends on how much you value your data and understand the full cost of losing it or having to recreate it from scratch, if that’s even possible. Now that external SSDs are so affordable it’s easy to justify having one permanently attached to one of your desktop Mac’s built-in ports or on a docking station that you plug your MacBook Pro into every day or so and having TimeMachine backing up to the SSD.