Last Updated: August 17, 2019
A misconfiguration of the Western Digital Store improperly allowed access to store resources (including account configuration) from outside domains.
The Access-Control-Allow-Origin header was misconfigured and improperly allowed access to Western Digital Store resources from outside domains. This could have been exploited by an attacker to view or change a logged-in user’s name or email address by having a user visit a separate, malicious web site. The access origin rules have been updated to prevent this attack.
Reported by Tushar Anand