SUPPORT

Product Security

We provide products and services that store and transfer data with the understanding that protecting data is critical to our users. We strive to innovate and enhance our products to provide increased privacy and security. Transparency of our privacy and security practices is essential to our commitment to users, and to that end, we have created this web page to provide timely information.

Bulletins

WDC-21010 My Cloud - files.mycloud.com XSS Vulnerability
WDC-21009 My Cloud Firmware Version 5.15.106
WDC-21008 Recommended Security Measures for WD My Book Live and WD My Book Live Duo
WDC-21007 EdgeRover Windows App Version 0.25
WDC-21006 My Cloud - files.mycloud.com XSS Vulnerability
WDC-21004 Recommended Upgrade to My Cloud OS 5
WDC-21003 ArmorLock, Insecure Key Storage Vulnerability
WDC-21002 My Cloud Firmware Version 5.10.122
WDC-21001 My Cloud, My Cloud Home and SanDisk ibi Web Version 4.13.0
Report a Security Issue

To report a security issue you believe you have found in a Western Digital product or service, including issues which may affect the privacy of user data, please email the details of your findings to the PSIRT (Product Security Incident Response Team) at PSIRT@wdc.com. If possible, please include the following: 

  • the specific product(s) or service(s) affected, including any relevant version numbers;
  • details on the impact of the issue;
  • any information that can help reproduce or diagnose the issue, including a Proof of Concept (PoC) if available; and
  • whether you believe the vulnerability is already publicly disclosed or known to third parties.


Please use our PGP/GPG key to encrypt the information before sending it. The Western Digital PSIRT will respond to your email within 3 business days.

Once the report has been confirmed, Western Digital will work with you to coordinate disclosure. We typically request a disclosure timeframe of 90 days, consistent with industry norms. Western Digital will request the assignment of CVE IDs for confirmed issues.

Western Digital does not currently offer or participate in a bug bounty program.