Someone Erases Data from WD My Book Live and Manufacturer Advises Unplugging Devices

Western Digital NAS owners worldwide complain that all files have been deleted from their WD My Book Live devices, and they can no longer log in through a browser or app, receiving an “Invalid Password” error. Trying to use the default password (admin) doesn’t help either.

Some victims write that, judging by the logs, their devices received a remote reset command to factory settings.

Many users fear that their devices have been compromised, and an attacker has sent a massive reset command to the NAS. But in this case, it is strange that the attackers did not leave ransom notes and other threats, instead carrying out a destructive and senseless attack.

Some victims report that they were able to recover some files using the PhotoRec tool. But, unfortunately, this method did not help everyone.

Western Digital has already issued a warning advising all owners of My Book Live and My Book Live Duo devices to urgently disconnect them from the Internet while the company’s engineers investigate the issue.

Also, Western Digital engineers told the media that, in their opinion, the devices were compromised using a certain vulnerability, since they were directly connected to the Internet.

Interestingly, the last firmware update for WD My Book Live was released in 2015, and after that critical bug CVE-2018-18472 was discovered, for which an exploit immediately appeared.

Let me remind you that I also talked about the fact that Attackers use a three-year-old RCE bug to install backdoors in Qnap NAS.