It's been several weeks since PC storage company Western Digital reported that an "unauthorized third party" had hacked into its network. This weekend, Western Digital finally offered up some more info about the attack and its consequences.
In a press release, the company said that the "third party" accessed a database that contained information about Western Digital's online store. It stated:
This information included customer names, billing and shipping addresses, email addresses and telephone numbers. In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers. We will communicate directly with impacted customers.
The company's statement added it was aware that an unnamed hacker went public with claims that it had obtained the company's code-signing certificate, which it said could be used to impersonate Western Digital. The company said it was "investigating the validity of this data" but added that it had "control over our digital certificate infrastructure."
Western Digital said that while an investigation into the hacker attack is still ongoing, it took proactive measures by taking down its systems off the internet once the attack was known. That explains why its My Cloud online storage services was down for about 10 days in April. The company's online store is still down, but Western Digital says it should go back online the week of May 15.
The company is due to report its quarterly financial results next week, so we will see if they make any further mention of this attack at that time. However, Western Digital did say that its factories have not been affected and that "we are shipping products to meet our customers’ needs."