'Malicious' Actor Is Wiping The Data Of Countless Western Digital My Book Users
from the past-its-expiration-date dept
Owners of the Western Digital popular My Book external hard drives aren't having a particularly good week. The company is advising customers to stop using the devices for now after customers mysteriously found their data deleted. According to complaints over at the company's website (first spotted by Bleeping Computer), many users say they woke up to find that the content of their external USB-connected storage drives had been completely wiped. Worse, they couldn't log in to the device's administrative systems to run any kind of diagnosis on the drives:
"I have a WD mybook live connected to my home LAN and worked fine for years. I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full but now it shows full capacity.
The even strange thing is when I try to log into the control UI for diagnosis I was-only able to get to this landing page with an input box for “owner password”. I have tried the default password “admin” and also what I could set for it with no luck. There seems to be no change to retrieve or reset password on this landing page either."
The problem appears to have begun at around 3PM on June 23, at which point these devices started receiving a remote command to perform a factory reset. This appears to still be happening on a staggered basis. The Western Digital announcement sent out to customers suggests that a malicious actor has found a way to compromise the devices, and is deleting data for their own amusement:
"Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers’ data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available."
There's been absolutely no indication given of when customers can expect a fix. Western Digital stopped supporting the My Book Live in 2015 for cost reasons, leaving millions of devices with dated firmware and vulnerabilities. According to user threads at the company's website, some Western Digital MyDrive users who say they disabled all cloud functionality to protect themselves, say their data was wiped anyway. Since much of this data is encrypted, recovering it may prove to be a long shot, meaning that many users who thought they were being smart by backing up their essential files, will have likely lost everything permanently.
It's not that hard for an everyday consumer -- inundated with an endless sea of obligations -- to miss the handful of notifications (if they even existed) that their devices are now neither supported nor secure. Given the millions of shitily-secured network routers and IOT devices that are being connected annually, the scope of the problem (and our collective apathy to it) really can't be overstated. If you know somebody who uses this hardware for backups and storage, you might want to give them a nudge.
Filed Under: cybersecurity, external hard drive, malicious actors, mybook, ownership