Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
55,033
17,416


Western Digital is advising owners of its My Book Live storage drives to disconnect them from the internet until further notice, following reports from around the world that some devices have been compromised and wiped clean by malicious software.

western-digital-my-book-live.jpg

The WD My Book Live is the company's network-attached storage device with the book-style design that can stand upright on a desk. The drive is typically connected to computers via USB and connects to a local network via ethernet. Meanwhile, the WD My Book Live app lets users access their stored files remotely through Western Digital's cloud servers.

As reported by BleepingComputer, My Book Live and Live Duo device owners on Thursday began flooding Western Digital's support forums with reports that all of their files had been mysteriously deleted and that they could no longer access the device via the offical app or a browser.
"I have a WD My Book live connected to my home LAN that's worked fine for years," wrote the first poster in a now-long thread. "I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full but now it shows full capacity."
When they attempted to log in using the drive's web dashboard, the drive told them they had an invalid password. Many other owners have also confirmed that their device has been hit with the same issue. "All my data is gone too," another user said. "I am totally screwed without that data... years of it."

Following further reports, a pattern has gradually emerged in shared device logs that points to a remote command initiating a factory reset on affected devices beginning at around 3:00 p.m. on Thursday and continuing throughout the night.

Western Digital has advised customers in a new support notice to disconnect their My Book Live devices while the company investigates the destructive attacks. The company has since told BleepingComputer they are actively investigating the attacks but do not believe it was a compromise of their servers.
"Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers' data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available."
If the company is correct in saying its servers haven't been hacked, it's unclear how so many My Book Live accounts could be compromised at or around the same time. We've asked for more information from Western Digital regarding the matter and will post an update to this story if we hear anything back, but the advice for device owners for now is clear: Disconnect your My Book Live.

Article Link: Western Digital Asks 'My Book Live' Device Owners to Unplug After Reports of Remotely Wiped Drives
 

error

macrumors member
Jun 22, 2006
59
197
Ahh… that sounds terrible! Indeed local and remote, or at least make local backups of your external drives.
 

haruhiko

macrumors 603
Sep 29, 2009
6,120
4,922
One should either: 1) put your files locally and keep the drive offline or 2) put them in a trustworthy cloud based storage system (iCloud Drive, Google Drive etc.)

The victims unfortunately chose the worst of both worlds: a single local copy with access to internet which supports remote deletion of all files.

The fact that WD gave up their old products and hasn’t issued any security updates since 2015 while retaining the remote wipe function is beyond irresponsible.
 

SirAnthonyHopkins

macrumors 6502a
Sep 29, 2020
644
1,187
Well, advice taken. Have disconnected mine. Nearly all the data is backed up on a local hard-drive anyway, but the hassle of transferring 2tb of data back onto the NAS isn't worth it. Will leave it unhooked for now.
 

CoOokie

macrumors newbie
Jan 9, 2021
1
0
If indeed one's only backup is on a drive like that, which can be accessed (and modified) remotely, then it's asking for trouble...
Why would you need constant access to your backup anyways? I can understand a different use case, if it's a media storage, for photos, documents etc., then it makes sense to expose it, but as your backup drive?
 

Unggoy Murderer

macrumors 6502a
Jan 28, 2011
627
1,830
Edinburgh, UK
Backup = more than one copy. Putting it on a "backup" disk doesn't mean you're safe from a data disaster!

If you need inexpensive off-site storage, I highly recommend using AWS Glacier Deep Archive. I store 312GB of photos in there and it only costs me ~$0.56/m. I still have my photos on a local disk here, but if my house burned down, or was flooded, Glacier gives me a "failsafe" restore route.

It's a bit fiddly to set up and work with, but well worth it vs the cost of something like Dropbox to do the same thing.
 

elvisimprsntr

macrumors 6502a
Jul 17, 2013
565
755
Florida
Hard lessons learned:
1. Never expose NAS to WAN or any remote access cloud service.
2. Need 3-2-1 backup strategy.
3. Replace EOL devices/software.

Even though I did not fall victim to recent QNAP QTS Qlocker ransomware since I don't expose my NAS devices to a WAN, I got fed up with constant QTS security patches for hardcoded credentials and vulnerabilities, and installed TrueNAS CORE on my QNAP TS-453A and TS-253A. Works better and faster than QTS!

Screen Shot 2021-06-25 at 06.29.39.png
 
Last edited:

IllinoisCorn

macrumors 6502a
Jan 15, 2021
744
913
This is a sophisticated enough device/product that you’d think the users would understand that one failure point is unacceptable. if they’re Mac users and didn’t use TM also, then shame on them.

And I really hate victim blaming, but there’s no excuse.
 
  • Like
Reactions: iGüey and saudor

loby

macrumors 65816
Jul 1, 2010
1,323
870
"...no updates to firmware since 2015..."

That is a warning in itself, given all of the cyber attacks etc. over the last few years. Might be best to have it just local and shut off the WAN option. WD's consumer personal cloud is nice, but those that use them have to understand the risks (but still generally safe). These examples are Good advertising for iCloud services and they will take advantage of this, but for those who don't want to have iCloud backups etc. we have little choices now-a-days.

Probably better if you use personal iCloud setups, to have a product that gets current firmware updates to minimize the risks. WD still has a few that updates regularly, so they are still a good choice (and reasonably priced), for non-cloud services.
 

PBG4 Dude

macrumors 68040
Jul 6, 2007
3,752
3,580
I've found WD's consumer products to be absolute trash. Had a NAS drive fail after about three months of light usage (full data loss), and had a few spinning disks fail inside machines over the years too.
Funny, I have the opposite experience with WD products. I use their USB-powered external hard drives for almost everything. They are connected to my Xbox, was connected to my PS4 before that was retired, and have 3 for backup disks. So far (touch wood) no issues. The only drives I’ve had outright fail on me are Maxtor and Seagate drives. I will not buy those brands anymore.

I do not use the WD cloud drives. I was considering one for remote file access, but not with a company that doesn’t update their firmware for 6+ years on an internet-connected device. That’s just begging to be hacked.
 

SirAnthonyHopkins

macrumors 6502a
Sep 29, 2020
644
1,187
Funny, I have the opposite experience with WD products. I use their USB-powered external hard drives for almost everything. They are connected to my Xbox, was connected to my PS4 before that was retired, and have 3 for backup disks. So far (touch wood) no issues. The only drives I’ve had outright fail on me are Maxtor and Seagate drives. I will not buy those brands anymore.
I guess it all comes down to personal experience, since mechanical hard drives are always going to fail at some point, and if someone gets unlucky with two WD drives they're likely to turn against the brand. But I agree, I always go WD now after having a couple of Seagate drives fail on me.
 
  • Like
Reactions: PBG4 Dude

Apple_Robert

macrumors Penryn
Sep 21, 2012
29,260
37,682
In the middle of several books.
This is a sophisticated enough device/product that you’d think the users would understand that one failure point is unacceptable. if they’re Mac users and didn’t use TM also, then shame on them.

And I really hate victim blaming, but there’s no excuse.
A lot of people don’t know any better, unfortunately. Too often people think a single backup should suffice. They don’t take into account hardware failure or shouldn’t have happened nightmares like this.
 
  • Like
Reactions: iGüey and biziclop

BulkSlash

macrumors regular
Aug 20, 2013
246
652
I've always rated the reliability of WD's hard drives, but their network storage devices are always really badly supported with patches and updates only lasting a year or two at best.

I'll actually be surprised if they fix this, I suspect they'll just conclude there aren't enough users for the PR fallout to be a bad enough for them to do anything.
 

Marx55

macrumors 68000
Jan 1, 2005
1,815
645
This is not new. Cloud? No, thanks! Nothing like local whatever. Including external portable SSD.
 
  • Love
Reactions: iGüey

baryon

macrumors 68040
Oct 3, 2009
3,701
2,268
Remember when everyone was talking about backing up your data? For some reason ever since everything is in "the cloud" no one is talking about backing up anymore, as if the cloud was magically perfect and incapable of error. Data still needs to be backed up, especially if it's in the cloud (which is technically the same thing as a network connected drive like this). Storing your things in the cloud means you have zero control over your data, which is actually not "your" data at that point. It's convenient, sure, but you need an up-to-date local backup.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.