Owners of Western Digital My Book Live drives are being advised to unplug them from the internet today, after some users woke up to find their previously data-filled drives were looking suspiciously empty, with users taking to the company’s support forum to report the issue.
If the data loss wasn’t enough, My Book Live owners are also reporting that their passwords no longer work to open up the drive’s admin console, some users also report that the default admin passwords also no longer work. One user has reported that a message in the GUI “says it was ‘Factory reset’ today”. The My Book Live and My Book Live Duo are older products, and no longer supported by Western Digital, but are apparently still being used as a backup solution by many.
Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script: Jun 23 15:14:05 MyBookLive shutdown: shutting down for system reboot Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start Jun 23 16:02:29 MyBookLive _: pkg: wd-nas Jun 23 16:02:30 MyBookLive _: pkg: networking-general Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav Jun 23 16:02:31 MyBookLive _: pkg: date-time Jun 23 16:02:31 MyBookLive _: pkg: alerts Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api
Western Digital released the following statement on its support forum: “Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers’ data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available.”
In an email seen by Ars Technica, Western Digital say that the incident is "under active investigation" and "We do not have any indications of a breach or compromise of Western Digital cloud services or systems."
My Book Live devices were an early form of ‘personal cloud’ storage, and ranged in capacity from one to three terabytes, with the Duo model available up to eight TB. They were designed to plug into your home network via Ethernet, to be accessed by any device that was also connected, and it could run automatic backups, DLNA streaming, and even an iTunes media server. Duo devices could use RAID-1 for safer backups. They also offered secure remote access over the internet.