Western Digital Asks 'My Book Live' Device Owners to Unplug After Reports of Remotely Wiped Drives

[MacRumors]

Western Digital is advising owners of its My Book Live storage drives to disconnect them from the internet until further notice, following reports from around the world that some devices have been compromised and wiped clean by malicious software.

The WD My Book Live is the company's network-attached storage device with the book-style design that can stand upright on a desk. The drive is typically connected to computers via USB and connects to a local network via ethernet. Meanwhile, the WD My Book Live app lets users access their stored files remotely through Western Digital's cloud servers.

As reported by BleepingComputer, My Book Live and Live Duo device owners on Thursday began flooding Western Digital's support forums with reports that all of their files had been mysteriously deleted and that they could no longer access the device via the offical app or a browser.

"I have a WD My Book live connected to my home LAN that's worked fine for years," wrote the first poster in a now-long thread. "I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full but now it shows full capacity."

When they attempted to log in using the drive's web dashboard, the drive told them they had an invalid password. Many other owners have also confirmed that their device has been hit with the same issue. "All my data is gone too," another user said. "I am totally screwed without that data... years of it."

Following further reports, a pattern has gradually emerged in shared device logs that points to a remote command initiating a factory reset on affected devices beginning at around 3:00 p.m. on Thursday and continuing throughout the night.

Western Digital has advised customers in a new support notice to disconnect their My Book Live devices while the company investigates the destructive attacks. The company has since told BleepingComputer they are actively investigating the attacks but do not believe it was a compromise of their servers.

"Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers' data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available."

If the company is correct in saying its servers haven't been hacked, it's unclear how so many My Book Live accounts could be compromised at or around the same time. We've asked for more information from Western Digital regarding the matter and will post an update to this story if we hear anything back, but the advice for device owners for now is clear: Disconnect your My Book Live.

Article Link: Western Digital Asks 'My Book Live' Device Owners to Unplug After Reports of Remotely Wiped Drives

 

[deckard666]

Remote and local folks.....always

 

[Shirasaki]

From when regular users are better employing enterprise level backup strategy?
This is yet another example of internet connected device getting attacked remotely. Too bad for those people who doesn’t have a second backup.

 

[JSL1]

Poor security by WD to allow this to happen and to allow remote wipes.

 

[W2u7Yw4HaD]

Unless their data is wholly in the cloud also and can be undeleted, this isn't a wise thing to connect to the cloud as your only offline backup source..

 

[error]

Ahh… that sounds terrible! Indeed local and remote, or at least make local backups of your external drives.

 

[haruhiko]

One should either: 1) put your files locally and keep the drive offline or 2) put them in a trustworthy cloud based storage system (iCloud Drive, Google Drive etc.)

The victims unfortunately chose the worst of both worlds: a single local copy with access to internet which supports remote deletion of all files.

The fact that WD gave up their old products and hasn’t issued any security updates since 2015 while retaining the remote wipe function is beyond irresponsible.

 

[SirAnthonyHopkins]

Well, advice taken. Have disconnected mine. Nearly all the data is backed up on a local hard-drive anyway, but the hassle of transferring 2tb of data back onto the NAS isn't worth it. Will leave it unhooked for now.

 

[CoOokie]

If indeed one's only backup is on a drive like that, which can be accessed (and modified) remotely, then it's asking for trouble...
Why would you need constant access to your backup anyways? I can understand a different use case, if it's a media storage, for photos, documents etc., then it makes sense to expose it, but as your backup drive?

 

[Unggoy Murderer]

Backup = more than one copy. Putting it on a "backup" disk doesn't mean you're safe from a data disaster!

If you need inexpensive off-site storage, I highly recommend using AWS Glacier Deep Archive. I store 312GB of photos in there and it only costs me ~$0.56/m. I still have my photos on a local disk here, but if my house burned down, or was flooded, Glacier gives me a "failsafe" restore route.

It's a bit fiddly to set up and work with, but well worth it vs the cost of something like Dropbox to do the same thing.

 

[elvisimprsntr]

Hard lessons learned:
1. Never expose NAS to WAN or any remote access cloud service.
2. Need 3-2-1 backup strategy.
3. Replace EOL devices/software.

Even though I did not fall victim to recent QNAP QTS Qlocker ransomware since I don't expose my NAS devices to a WAN, I got fed up with constant QTS security patches for hardcoded credentials and vulnerabilities, and installed TrueNAS CORE on my QNAP TS-453A and TS-253A. Works better and faster than QTS!

 

[IllinoisCorn]

This is a sophisticated enough device/product that you’d think the users would understand that one failure point is unacceptable. if they’re Mac users and didn’t use TM also, then shame on them.

And I really hate victim blaming, but there’s no excuse.

 

[Unggoy Murderer]

Poor security by WD to allow this to happen and to allow remote wipes.

I've found WD's consumer products to be absolute trash. Had a NAS drive fail after about three months of light usage (full data loss), and had a few spinning disks fail inside machines over the years too.

 

[loby]

"...no updates to firmware since 2015..."

That is a warning in itself, given all of the cyber attacks etc. over the last few years. Might be best to have it just local and shut off the WAN option. WD's consumer personal cloud is nice, but those that use them have to understand the risks (but still generally safe). These examples are Good advertising for iCloud services and they will take advantage of this, but for those who don't want to have iCloud backups etc. we have little choices now-a-days.

Probably better if you use personal iCloud setups, to have a product that gets current firmware updates to minimize the risks. WD still has a few that updates regularly, so they are still a good choice (and reasonably priced), for non-cloud services.

 

[PBG4 Dude]

I've found WD's consumer products to be absolute trash. Had a NAS drive fail after about three months of light usage (full data loss), and had a few spinning disks fail inside machines over the years too.

Funny, I have the opposite experience with WD products. I use their USB-powered external hard drives for almost everything. They are connected to my Xbox, was connected to my PS4 before that was retired, and have 3 for backup disks. So far (touch wood) no issues. The only drives I’ve had outright fail on me are Maxtor and Seagate drives. I will not buy those brands anymore.

I do not use the WD cloud drives. I was considering one for remote file access, but not with a company that doesn’t update their firmware for 6+ years on an internet-connected device. That’s just begging to be hacked.

 

[SirAnthonyHopkins]

Funny, I have the opposite experience with WD products. I use their USB-powered external hard drives for almost everything. They are connected to my Xbox, was connected to my PS4 before that was retired, and have 3 for backup disks. So far (touch wood) no issues. The only drives I’ve had outright fail on me are Maxtor and Seagate drives. I will not buy those brands anymore.

I guess it all comes down to personal experience, since mechanical hard drives are always going to fail at some point, and if someone gets unlucky with two WD drives they're likely to turn against the brand. But I agree, I always go WD now after having a couple of Seagate drives fail on me.

 

[Apple_Robert]

This is a sophisticated enough device/product that you’d think the users would understand that one failure point is unacceptable. if they’re Mac users and didn’t use TM also, then shame on them.

And I really hate victim blaming, but there’s no excuse.

A lot of people don’t know any better, unfortunately. Too often people think a single backup should suffice. They don’t take into account hardware failure or shouldn’t have happened nightmares like this.

 

[BulkSlash]

I've always rated the reliability of WD's hard drives, but their network storage devices are always really badly supported with patches and updates only lasting a year or two at best.

I'll actually be surprised if they fix this, I suspect they'll just conclude there aren't enough users for the PR fallout to be a bad enough for them to do anything.

 

[JosephAW]

We’ll probably find out later this is WD doings.

 

[rpmurray]

And there are a lot of clueless people who attach devices in their homes (locks, lights, tv, nanny cam, etc.) to the internet. What could possibly go wrong?

 

[Marx55]

This is not new. Cloud? No, thanks! Nothing like local whatever. Including external portable SSD.

 

[jonnysods]

I won't even use the cloud feature on my QNAP. QNAP is my local backup, then I have a cloud option for backups.

I feel bad for these users - so devastating to lose your files and photos.

 

[CoastalMaineBird]

all the data on it is gone today, while the directories seems there but empty.
...
this compromise has led to a factory reset that appears to erase all data on the device.

I don't think the "factory reset" would leave all the directories there.

 

[baryon]

Remember when everyone was talking about backing up your data? For some reason ever since everything is in "the cloud" no one is talking about backing up anymore, as if the cloud was magically perfect and incapable of error. Data still needs to be backed up, especially if it's in the cloud (which is technically the same thing as a network connected drive like this). Storing your things in the cloud means you have zero control over your data, which is actually not "your" data at that point. It's convenient, sure, but you need an up-to-date local backup.

 

[Sasparilla]

Wonder if this was a demo as part of a ransom demand of WD?