WD My Book Live Owner's Data Disappears Overnight

News
By
published

Manufacturer blames malicious software

A screenshot uploaded to the WD support forum by user Sunpeak
(Image credit: Western Digital/Sunpeak)

Owners of Western Digital My Book Live drives are being advised to unplug them from the internet today, after some users woke up to find their previously data-filled drives were looking suspiciously empty, with users taking to the company’s support forum to report the issue.

If the data loss wasn’t enough, My Book Live owners are also reporting that their passwords no longer work to open up the drive’s admin console, some users also report that the default admin passwords also no longer work. One user has reported that a message in the GUI “says it was ‘Factory reset’ today”. The My Book Live and My Book Live Duo are older products, and no longer supported by Western Digital, but are apparently still being used as a backup solution by many.

Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 MyBookLive shutdown[24582]: shutting down for system reboot
Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:29 MyBookLive _: pkg: wd-nas
Jun 23 16:02:30 MyBookLive _: pkg: networking-general
Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav
Jun 23 16:02:31 MyBookLive _: pkg: date-time
Jun 23 16:02:31 MyBookLive _: pkg: alerts
Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive
Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api

Console log from WD My Book Live owner Sunpeak via WD Forums

Western Digital released the following statement on its support forum: “Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers’ data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available.”

In an email seen by Ars Technica, Western Digital say that the incident is "under active investigation" and "We do not have any indications of a breach or compromise of Western Digital cloud services or systems."

My Book Live devices were an early form of ‘personal cloud’ storage, and ranged in capacity from one to three terabytes, with the Duo model available up to eight TB. They were designed to plug into your home network via Ethernet, to be accessed by any device that was also connected, and it could run automatic backups, DLNA streaming, and even an iTunes media server. Duo devices could use RAID-1 for safer backups. They also offered secure remote access over the internet.

Ian Evenden
Ian Evenden
Freelance News Writer

Ian Evenden is a UK-based news writer for Tom’s Hardware US. He’ll write about anything, but stories about Raspberry Pi and DIY robots seem to find their way to him.

4 Comments Comment from the forums
  • Ralston18
    Interesting.

    Something is amiss on my WD My Book Live.

    Showing only 3 GB storage left and the date was incorrect.

    Attempted to correct the date but discovered that the year cannot be set beyond 2020 (firmware limit I think.)

    NAS was not allowed internet access.

    TBD.
    Reply
  • InvalidError
    Want to bet that WD's "fix" will be telling users to just buy a new one?
    Reply
  • derekullo
    Build your own nas with open source software and any spare mini-tower or tower pc you have from the last 2 decades.

    https://xigmanas.com/xnaswp/
    Reply
  • tomnewb
    Does anyone know if this also affects the WD My Cloud devices? They look very similar to the My Book live devices
    Reply