Western Digital Confirms ‘My Book Live’ Drives Are Being Deleted Remotely

Western Digital’s widespread My Book Live laborious drives are being deleted remotely by an unknown attacker, in accordance with the corporate. And there’s not a lot anybody can do at this level however unplug their drives from the web.

“We have determined that some My Book Live devices have been compromised by a threat actor,” Western Digital’s Jolin Tan instructed Gizmodo early Friday by e-mail. “In some cases, this compromise has led to a factory reset that appears to erase all data on the device.”

But Western Digital assures customers the corporate’s cloud system hasn’t been compromised although the incident continues to be underneath lively investigation.

“The My Book Live device received its final firmware update in 2015,” Tan continued. “At this time, we are recommending that customers disconnect their My Book Live devices from the Internet to protect their data on the device.”

Users first reported that their drives had been remotely deleted on a WD neighborhood thread from June 23 with loads of horror tales, together with one from the creator of the thread who mentioned that their 2T drive had been fully wiped:

I’ve a WD mybook dwell linked to my dwelling LAN and labored nice for years. I’ve simply discovered that in some way all the info on it’s gone right this moment, whereas the directories appears there however empty. Previously the 2T quantity was virtually full however now it reveals full capability.

The even unusual factor is when I attempt to log into the management UI for prognosis I used to be-only capable of get to this touchdown web page with an enter field for “owner password”. I’ve tried the default password “admin” and in addition what I might set for it with no luck. There appears to be no change to retrieve or reset password on this touchdown web page both.

Could anybody assist to search out what was happening to this drive? I’m caught at emptied knowledge on it now…

Another consumer mentioned that they had years of knowledge deleted:

All my knowledge is gone too. Message in GUI says it was “Factory reset” right this moment! 06/23. I’m completely screwed with out that knowledge…years of it.

Someone else described the expertise as “scary”:

This is sort of scary. Exact similar subject I used to be capable of reset my password and log into the GUI however all my knowledge is gone.

There is not any indication of firmware replace. Not positive what to do…

Another consumer defined how they misplaced 4 completely different community drives, cleaned:

When I couldn’t entry any of the 4 Network drives I created, I went to Network and double clicked on the MyBookLive Icon, which took me to the GUI web page. A message popped up within the higher proper that mentioned the drive was manufacturing unit reset. I wasn’t close to my pc when this occurred because the time stamp was earlier within the day. All WD goes to ask if we created a “Safepoint” which we might then get better the info from the final saved level. There must be some “User Intervention” on WD’s half for this to occur to multiple particular person right this moment.

Another consumer described the expertise as trying like a easy error message at first earlier than they realized all the things was gone:

Exact similar factor has occurred to me. Tried to entry some information through the iPhone app however received an error message saying “unable to connect”. Assumed it was only a Wi-Fi/community subject however once I tried to entry the drive from my PC utilizing a shortcut all the things was gone apart from (empty) default Public folders: Shared Music, Shared Pictures, Shared Videos and Software.

The time stamps on these folders say they have been created at 00:16 (UK time) this morning.

There can also be a .tickle file created at 00:17.

I can’t log into the UI on the gadget because it says my password is invalid.

And there are a lot extra. Again, if in case you have a WD My Book Live laborious drive presently linked to the web, it is best to unplug it till the corporate figures out what’s happening.