Western Digital Asks 'My Book Live' Device Owners to Unplug After Reports of Remotely Wiped Drives

Western Digital is advising owners of its My Book Live storage drives to disconnect them from the internet until further notice, following reports from around the world that some devices have been compromised and wiped clean by malicious software.

western digital my book live
The WD My Book Live is the company's network-attached storage device with the book-style design that can stand upright on a desk. The drive is typically connected to computers via USB and connects to a local network via ethernet. Meanwhile, the WD My Book Live app lets users access their stored files remotely through Western Digital's cloud servers.

As reported by BleepingComputer, My Book Live and Live Duo device owners on Thursday began flooding Western Digital's support forums with reports that all of their files had been mysteriously deleted and that they could no longer access the device via the offical app or a browser.

"I have a WD My Book live connected to my home LAN that's worked fine for years," wrote the first poster in a now-long thread. "I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full but now it shows full capacity."

When they attempted to log in using the drive's web dashboard, the drive told them they had an invalid password. Many other owners have also confirmed that their device has been hit with the same issue. "All my data is gone too," another user said. "I am totally screwed without that data... years of it."

Following further reports, a pattern has gradually emerged in shared device logs that points to a remote command initiating a factory reset on affected devices beginning at around 3:00 p.m. on Thursday and continuing throughout the night.

Western Digital has advised customers in a new support notice to disconnect their My Book Live devices while the company investigates the destructive attacks. The company has since told BleepingComputer they are actively investigating the attacks but do not believe it was a compromise of their servers.

"Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers' data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available."

If the company is correct in saying its servers haven't been hacked, it's unclear how so many My Book Live accounts could be compromised at or around the same time. We've asked for more information from Western Digital regarding the matter and will post an update to this story if we hear anything back, but the advice for device owners for now is clear: Disconnect your My Book Live.

Top Rated Comments

haruhiko Avatar
18 weeks ago
One should either: 1) put your files locally and keep the drive offline or 2) put them in a trustworthy cloud based storage system (iCloud Drive, Google Drive etc.)

The victims unfortunately chose the worst of both worlds: a single local copy with access to internet which supports remote deletion of all files.

The fact that WD gave up their old products and hasn’t issued any security updates since 2015 while retaining the remote wipe function is beyond irresponsible.
Score: 24 Votes (Like | Disagree)
deckard666 Avatar
18 weeks ago
Remote and local folks.....always
Score: 21 Votes (Like | Disagree)
JSL1 Avatar
18 weeks ago
Poor security by WD to allow this to happen and to allow remote wipes.
Score: 12 Votes (Like | Disagree)
elvisimprsntr Avatar
18 weeks ago
Hard lessons learned:
1. Never expose NAS to WAN or any remote access cloud service.
2. Need 3-2-1 backup strategy.
3. Replace EOL devices/software.

Even though I did not fall victim to recent QNAP QTS Qlocker ransomware since I don't expose my NAS devices to a WAN, I got fed up with constant QTS security patches for hardcoded credentials and vulnerabilities, and installed TrueNAS CORE ('https://www.truenas.com/truenas-core/') on my QNAP TS-453A and TS-253A. Works better and faster than QTS!



Attachment Image
Score: 9 Votes (Like | Disagree)
W2u7Yw4HaD Avatar
18 weeks ago
Unless their data is wholly in the cloud also and can be undeleted, this isn't a wise thing to connect to the cloud as your only offline backup source..
Score: 8 Votes (Like | Disagree)
CoastalMaineBird Avatar
18 weeks ago
all the data on it is gone today, while the directories seems there but empty.
...
this compromise has led to a factory reset that appears to erase all data on the device.

I don't think the "factory reset" would leave all the directories there.
Score: 6 Votes (Like | Disagree)

Related Stories

oprah book club siri

Siri Can Now Tell You What Oprah's Reading

Tuesday March 16, 2021 10:19 am PDT by
Apple has a partnership with Oprah for "Oprah's Book Club," a follow along reading experience available in the Apple Books app and the Apple TV+ app. Starting today, there's a new Oprah Siri integration that allows you to ask Siri what book Oprah is currently reading for her book club. In response, Oprah herself reads a synopsis of the book, which happens to be Marilynne Robinson's novel...
the changeling tv show lakeith

Drama Series 'The Changeling' Coming to Apple TV+

Wednesday August 25, 2021 9:24 am PDT by
Apple today announced that it has picked up a new drama series called "The Changeling," which is based on the best-selling Victor LaValle book of the same name. LaKeith Stanfield, known for "Atlanta" and "Judas and the Black Messiah," is set to star in the show. "The Changeling" is described as a "fairytale for grown-ups" that's part horror story, part parenthood fable, and a "perilous...
m1x mac mini screen feature

New High-End Mac Mini: Everything Rumors Say We Can Expect

Monday October 18, 2021 5:36 am PDT by
With Apple's "Unleashed" event just hours away, the focus has understandably been on the new MacBook Pro models that are expected to debut, but rumors suggest we could also see the company unveil a new Mac mini with a new design and a faster Apple silicon processor. Here's what we've heard from sources over the past year. Kicking things off, Bloomberg's Mark Gurman in May said that Apple was ...
app store blue banner

U.S. Department of Justice Likely to File Antitrust Lawsuit Against Apple

Monday October 25, 2021 1:35 pm PDT by
The United States Department of Justice is accelerating its antitrust probe into Apple and there is increased likelihood that Apple will face an antitrust lawsuit, reports The Information. Citing internal sources with knowledge of the investigation, The Information says there has been a "flurry" of activity as the DOJ has continued to question Apple, its customers, and its competitors about...
tmobilelogo

T-Mobile Confirms Data Breach, Unclear If Personal Customer Data Was Accessed

Monday August 16, 2021 12:49 pm PDT by
T-Mobile today confirmed that some of its data had been accessed without authorization in a breach that may impact more than 100 million of its users. Over the weekend, T-Mobile began investigating a forum post that offered data from more than 100 million people. T-Mobile was not mentioned in that post, but the person selling the data told Motherboard that it had come from T-Mobile's...
Apple Logo Cash Orange 1

Scammers Used Devious Tactic to Steal $1.5 Million Worth of Apple Products in Secret

Friday October 1, 2021 3:15 am PDT by
Two scammers stole $1.5 million from Apple over a period of three years using the company's own technology, Business Insider reports. One of the scammers stole $50,000 worth of digital Apple gift cards in Texas, while on the same day, his partner used the gift cards to buy thousands of dollars worth of Apple products in New York. The haul in Southlake, Texas, alone totaled $50,000 using 26...
taiwan railways administration

Taiwan Railways Administration Announces Apple Pay Support for E-Tickets

Monday September 6, 2021 1:21 am PDT by
Taiwan's Railways Administration (TRA) has officially announced support for using Apple Pay when purchasing train tickets with the service's e-booking mobile app. In a press release on its website, the country's railway operator said it was making the new "Apple Pay ticketing service" available from September 7 in order to improve convenience for passengers when booking tickets via the...
tmobilelogo

T-Mobile's Security is 'Awful' Says Hacker Who Stole Data From 50 Million Customers

Thursday August 26, 2021 12:06 pm PDT by
T-Mobile recently suffered a significant data breach that saw sensitive data from more than 50 million current, prospective, and former customers stolen. John Binns, a 21-year-old American who lives in Turkey, told The Wall Street Journal that he is responsible for the attack. Binns said that he discovered an unprotected router in July after scanning T-Mobile's known internet addresses for...
genesis gv70 nfc key

Apple Preparing to Support Digital Car Keys for Genesis Vehicles

Tuesday September 21, 2021 2:45 pm PDT by
Last year, Apple debuted support for digital car keys, which let users lock, unlock, and start their vehicles using a pass stored in the Wallet app on the iPhone. And with iOS 15, there's now Ultra Wideband support on the iPhone 11 and later that will let the feature work without having to remove your iPhone from your pocket. Car manufacturers need to add the NFC technology to their vehicles ...
tmobilelogo

T-Mobile CEO Apologizes for Data Breach, Shares Info on Future Security Plans

Friday August 27, 2021 1:03 pm PDT by
T-Mobile CEO Mike Sievert today penned a letter to T-Mobile customers apologizing for the recent data breach that impacted more than 50 million current, former, and prospective T-Mobile users. Data that included names, phone numbers, addresses, birth dates, social security numbers, driver's license and ID info, IMEI numbers, and IMSI numbers was stolen and has been offered for sale. "We...