If You Use a WD My Book Live Hard Drive, Unplug It Immediately
Western Digital, most well known for making many types of popular hard drives including the My Book line external devices, is advising users to disconnect any My Book Live storage devices from the internet as soon as possible and until further notice to prevent files from being deleted.
The My Book line of Hard Drives is a popular series of storage devices since they are very affordable options for users. Typically the external storage devices connect to computers via USB cables, but in the case of the My Book Live series, it uses an ethernet cable to connect to a local network where users can then remotely access their files and make configuration changes using the Western Digital cloud infrastructure. When it was first announced, Western Digital billed it as a “personal cloud.”
ARS Technica is reporting the problem was first brought to light from a thread on the WD support page where users have started to discover that the data stored on these drives is being inexplicably erased. Files are being mysteriously deleted and the drive itself is being “factory reset” with no action taken by the users themselves.
Western Digital is still investigating the issue, but the data loss appears to be the result of some “malicious software” and has issued a warning to users urging them disconnect the drives from the internet as soon as possible until the company can figure out how to protect the drives and prevent any further deletions.
I have a WD mybook live connected to my home LAN and worked fine for years. I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full but now it shows full capacity.
The even strange thing is when I try to log into the control UI for diagnosis I was-only able to get to this landing page with an input box for “owner password”. I have tried the default password “admin” and also what I could set for it with no luck. There seems to be no change to retrieve or reset password on this landing page either.
Users are reporting that whether it was a factory reset, a hard deletion, or an apparent hack, everything stored on the affected devices has been completely wiped clean.
At the time of publication, there were no reports that any data was restored.
There is little additional information currently available about the issue, but the community of users is speculating that based on what Western Digital has stated, it appears the devices could have been “individually compromised” in a targeted attack.
Either way, users of these networked dives are advised to disconnect them as soon as possible to prevent any potential data loss.