Western Digital Asks 'My Book Live' Device Owners to Unplug After Reports of Remotely Wiped Drives

Western Digital is advising owners of its My Book Live storage drives to disconnect them from the internet until further notice, following reports from around the world that some devices have been compromised and wiped clean by malicious software.

western digital my book live
The WD My Book Live is the company's network-attached storage device with the book-style design that can stand upright on a desk. The drive is typically connected to computers via USB and connects to a local network via ethernet. Meanwhile, the WD My Book Live app lets users access their stored files remotely through Western Digital's cloud servers.

As reported by BleepingComputer, My Book Live and Live Duo device owners on Thursday began flooding Western Digital's support forums with reports that all of their files had been mysteriously deleted and that they could no longer access the device via the offical app or a browser.

"I have a WD My Book live connected to my home LAN that's worked fine for years," wrote the first poster in a now-long thread. "I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full but now it shows full capacity."

When they attempted to log in using the drive's web dashboard, the drive told them they had an invalid password. Many other owners have also confirmed that their device has been hit with the same issue. "All my data is gone too," another user said. "I am totally screwed without that data... years of it."

Following further reports, a pattern has gradually emerged in shared device logs that points to a remote command initiating a factory reset on affected devices beginning at around 3:00 p.m. on Thursday and continuing throughout the night.

Western Digital has advised customers in a new support notice to disconnect their My Book Live devices while the company investigates the destructive attacks. The company has since told BleepingComputer they are actively investigating the attacks but do not believe it was a compromise of their servers.

"Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers' data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available."

If the company is correct in saying its servers haven't been hacked, it's unclear how so many My Book Live accounts could be compromised at or around the same time. We've asked for more information from Western Digital regarding the matter and will post an update to this story if we hear anything back, but the advice for device owners for now is clear: Disconnect your My Book Live.

Top Rated Comments

haruhiko Avatar
12 weeks ago
One should either: 1) put your files locally and keep the drive offline or 2) put them in a trustworthy cloud based storage system (iCloud Drive, Google Drive etc.)

The victims unfortunately chose the worst of both worlds: a single local copy with access to internet which supports remote deletion of all files.

The fact that WD gave up their old products and hasn’t issued any security updates since 2015 while retaining the remote wipe function is beyond irresponsible.
Score: 24 Votes (Like | Disagree)
deckard666 Avatar
12 weeks ago
Remote and local folks.....always
Score: 21 Votes (Like | Disagree)
JSL1 Avatar
12 weeks ago
Poor security by WD to allow this to happen and to allow remote wipes.
Score: 12 Votes (Like | Disagree)
elvisimprsntr Avatar
12 weeks ago
Hard lessons learned:
1. Never expose NAS to WAN or any remote access cloud service.
2. Need 3-2-1 backup strategy.
3. Replace EOL devices/software.

Even though I did not fall victim to recent QNAP QTS Qlocker ransomware since I don't expose my NAS devices to a WAN, I got fed up with constant QTS security patches for hardcoded credentials and vulnerabilities, and installed TrueNAS CORE ('https://www.truenas.com/truenas-core/') on my QNAP TS-453A and TS-253A. Works better and faster than QTS!



Attachment Image
Score: 9 Votes (Like | Disagree)
W2u7Yw4HaD Avatar
12 weeks ago
Unless their data is wholly in the cloud also and can be undeleted, this isn't a wise thing to connect to the cloud as your only offline backup source..
Score: 8 Votes (Like | Disagree)
CoastalMaineBird Avatar
12 weeks ago
all the data on it is gone today, while the directories seems there but empty.
...
this compromise has led to a factory reset that appears to erase all data on the device.

I don't think the "factory reset" would leave all the directories there.
Score: 6 Votes (Like | Disagree)

Top Stories

the changeling tv show lakeith

Drama Series 'The Changeling' Coming to Apple TV+

Wednesday August 25, 2021 9:24 am PDT by
Apple today announced that it has picked up a new drama series called "The Changeling," which is based on the best-selling Victor LaValle book of the same name. LaKeith Stanfield, known for "Atlanta" and "Judas and the Black Messiah," is set to star in the show. "The Changeling" is described as a "fairytale for grown-ups" that's part horror story, part parenthood fable, and a "perilous...
oprah book club siri

Siri Can Now Tell You What Oprah's Reading

Tuesday March 16, 2021 10:19 am PDT by
Apple has a partnership with Oprah for "Oprah's Book Club," a follow along reading experience available in the Apple Books app and the Apple TV+ app. Starting today, there's a new Oprah Siri integration that allows you to ask Siri what book Oprah is currently reading for her book club. In response, Oprah herself reads a synopsis of the book, which happens to be Marilynne Robinson's novel...
tmobilelogo

T-Mobile Confirms Data Breach, Unclear If Personal Customer Data Was Accessed

Monday August 16, 2021 12:49 pm PDT by
T-Mobile today confirmed that some of its data had been accessed without authorization in a breach that may impact more than 100 million of its users. Over the weekend, T-Mobile began investigating a forum post that offered data from more than 100 million people. T-Mobile was not mentioned in that post, but the person selling the data told Motherboard that it had come from T-Mobile's...
tmobilelogo

T-Mobile's Security is 'Awful' Says Hacker Who Stole Data From 50 Million Customers

Thursday August 26, 2021 12:06 pm PDT by
T-Mobile recently suffered a significant data breach that saw sensitive data from more than 50 million current, prospective, and former customers stolen. John Binns, a 21-year-old American who lives in Turkey, told The Wall Street Journal that he is responsible for the attack. Binns said that he discovered an unprotected router in July after scanning T-Mobile's known internet addresses for...
taiwan railways administration

Taiwan Railways Administration Announces Apple Pay Support for E-Tickets

Monday September 6, 2021 1:21 am PDT by
Taiwan's Railways Administration (TRA) has officially announced support for using Apple Pay when purchasing train tickets with the service's e-booking mobile app. In a press release on its website, the country's railway operator said it was making the new "Apple Pay ticketing service" available from September 7 in order to improve convenience for passengers when booking tickets via the...
tmobilelogo

T-Mobile CEO Apologizes for Data Breach, Shares Info on Future Security Plans

Friday August 27, 2021 1:03 pm PDT by
T-Mobile CEO Mike Sievert today penned a letter to T-Mobile customers apologizing for the recent data breach that impacted more than 50 million current, former, and prospective T-Mobile users. Data that included names, phone numbers, addresses, birth dates, social security numbers, driver's license and ID info, IMEI numbers, and IMSI numbers was stolen and has been offered for sale. "We...
telegram live video

Latest Telegram Update Uncaps Number of Live Video Stream Viewers

Wednesday September 1, 2021 4:47 am PDT by
Telegram Messenger has received a major update that expands support for live video streams, allowing streams to be watched by an unlimited number of viewers. Version 8 of the popular messaging platform uncaps the previous live stream audience limit of 1,000 viewers for groups and channels, and includes more customization options when forwarding messages, plus a shortcut to switch between...
tmobilelogo

T-Mobile Data Breach Included Personal Information of Almost 50 Million Customers

Wednesday August 18, 2021 5:41 am PDT by
T-Mobile has issued a statement with further details about a cyberattack that the company confirmed earlier this week, confirming that the data breach included the personal information of almost 50 million current, former, and prospective customers. Late last week, T-Mobile confirmed that a forum post that purported to offer data from more than 100 million people was the result of a company...
isaacson musk

Steve Jobs' Biographer Walter Isaacson Is Writing a Book About Elon Musk

Thursday August 5, 2021 3:56 am PDT by
Walter Isaacson, the biographer of Steve Jobs, is penning a book about entrepreneur and business magnate Elon Musk, according to Musk. "If you're curious about Tesla, SpaceX & my general goings on, @WalterIsaacson is writing a biography," tweeted Musk on Thursday. In subsequent tweets, Musk revealed that Isaacson had been shadowing him "for several days so far," and said he thought all...
tmobilelogo

T-Mobile Says an Additional 5.3 Million Customer Accounts Were Compromised in Data Breach

Friday August 20, 2021 9:21 am PDT by
T-Mobile earlier this week shared details on a data breach where hackers gained access to the personal information of close to 50 million current, former, and prospective customers. At the time, T-Mobile said that data from 7.8 million current customers had been compromised, as well as information from 40 million former or potential customers. In an updated statement provided today, T-Mobile ...