Western Digital blames malware for My Book Live devices being wiped remotely

Engadget·2021-06-25 18:00

People who own and use a Western Digital My Book Live cloud storage device may want to disconnect it from the internet as soon as possible. As first reported by Bleeping Computer, a number of people worldwide who own the network-attached storage device took to the company's forum to report that all their files had been deleted. Terabytes' worth of data, years of memories and months of hard work vanished in an instant. The users couldn't even log into WD's cloud infrastructure for diagnosis, because their passwords were no longer working.

Several owners looked into the cause of the issue and determined that their devices were wiped after receiving a remote command for a factory reset. The commands started going out at 3PM on Wednesday and continued throughout the night. One user posted a copy of their log showing how a script was run to shut down their storage device for a factory restore:

    Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script:
    Jun 23 15:14:05 MyBookLive shutdown[24582]: shutting down for system reboot
    Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start
    Jun 23 16:02:29 MyBookLive _: pkg: wd-nas
    Jun 23 16:02:30 MyBookLive _: pkg: networking-general
    Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav
    Jun 23 16:02:31 MyBookLive _: pkg: date-time
    Jun 23 16:02:31 MyBookLive _: pkg: alerts
    Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive
    Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api

The WD My Book Live devices connect to the internet via an Ethernet cable, and owners can use them to wirelessly back up their computers or to access their files from any device. It's a great solution for homes and businesses with multiple computers and phones that run different operating systems. As Bleeping Computer notes, the storage solution communicates through the My Book Live cloud servers to provide remote access. It's an old model that hasn't been updated since 2015, but it's still protected by a firewall.
Some of the affected owners expressed concerns that Western Digital's servers were hacked, allowing bad actors to send out a remote factory reset command to all devices connected to them.

However, Western Digital blames the incident on malware in a statement it issued to address the situation. The company said some My Book Live devices were compromised, though it didn't explain how bad actors were able to infiltrate them, and that owners should disconnect the storage solution from the internet for now.

The whole statement reads:

"Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers' data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available."
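For owners or responders who want to check a preserved device log for the same sequence, the following is an added example (not code from Engadget, Bleeping Computer or Western Digital) that scans syslog text for a `factoryRestore.sh` start, checks whether a reboot followed, and measures the silence before the device logged again. The function names, the 60-second window and the `year` parameter are assumptions; the sample lines are taken from the excerpt quoted in the article.

```python
import re
from datetime import datetime

# Log lines as quoted in the article (classic syslog format, which carries no year).
SAMPLE_LOG = """\
Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 MyBookLive shutdown[24582]: shutting down for system reboot
Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:29 MyBookLive _: pkg: wd-nas
Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) ([^:\[\s]+)(?:\[\d+\])?: (.*)$")

def parse_line(line, year):
    """Split one syslog line into timestamp, host, program and message."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # tolerate blank or truncated lines
    # Assumption: the caller supplies the year, since the log format omits it.
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m.group(2), "prog": m.group(3), "msg": m.group(4)}

def find_factory_restores(text, year=2021, reboot_window_s=60):
    """Report each factoryRestore.sh start, whether a reboot followed, and the log gap."""
    events = [e for e in (parse_line(l, year) for l in text.splitlines()) if e]
    findings = []
    for i, ev in enumerate(events):
        if ev["prog"] != "factoryRestore.sh" or not ev["msg"].startswith("begin script"):
            continue
        finding = {"host": ev["host"], "started": ev["ts"],
                   "reboot_followed": False, "log_gap_s": None}
        for j in range(i + 1, len(events)):
            nxt = events[j]
            if (nxt["ts"] - ev["ts"]).total_seconds() > reboot_window_s:
                break  # nothing relevant close enough to the restore start
            if nxt["prog"] == "shutdown" and "reboot" in nxt["msg"]:
                finding["reboot_followed"] = True
                if j + 1 < len(events):  # silence until the device logs again
                    gap = events[j + 1]["ts"] - nxt["ts"]
                    finding["log_gap_s"] = int(gap.total_seconds())
                break
        findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in find_factory_restores(SAMPLE_LOG):
        print(f)
```

A finding with `reboot_followed` set and a long `log_gap_s` matches the pattern in the posted log; the timestamp gives a starting point for correlating with router or firewall records of inbound connections.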