WD My Book Live breach is causing data wipes worldwide


Living in the digital age means it’s only natural to trust USBs and hard drives with the documents that make up our lives. Waking up to find that everything on an external drive has been wiped leaves “My Book Live” users empty, literally and figuratively. The WD My Book Live is a well-known storage device for businesses and personal use. The maker of the device, Western Digital, recommended that all customers disconnect the drives from the Internet until the incidents are investigated. On June 24th, 2021, many WD My Book Live owners had all of their data wiped by what seems to be a random deletion.

Right after the mass deletions, users gathered at WD’s community discussion center via their website, startled that other consumers had lost all of their data, too. Multiple frustrated users on the forum vented about losing years’ worth of data overnight.

Complaints of WD My Book Live mass deletions are publicly reported on the Western Digital community forum

BleepingComputer’s Lawrence Abrams was the first person to find complaints about the destruction being reported on that Western Digital community forum. One user with the name of “sunpeak” confirmed that all their personal folders were collectively and uncontrollably edited on June 23, the day before all data was wiped. Many other device owners on the community forum recalled receiving the same factory-reset messages. Some users feel that the data seemingly blipped into the abyss at the same time that their devices were going into a self-initiated factory reset. Western Digital’s engineers currently have no clue as to how such compromises could happen on devices all over the world. Forum member sunpeak confirms that 2T of data completely vanished.

The WD My Book Live isn’t new tech. It is one of the many hard drive options out there that plug into computers through a USB. The WD My Book Live specifically uses an Ethernet cable to connect to a local network. Once connected, users can view their files and make setting changes through Western Digital’s cloud platform. The brand eliminated My Book Live support in 2015.


Western Digital’s website currently displays a statement that recommends customers disconnect their My Book Live devices. In an email, WD wrote:

“The incident is under active investigation from Western Digital. We do not have any indications of a breach or compromise of Western Digital cloud services or systems.

We have determined that some My Book Live devices have been compromised by a threat actor. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015.

At this time, we are recommending that customers disconnect their My Book Live devices from the Internet to protect their data on the device.

We have issued the following statement to our customers and will provide updates to this thread when they are available: https://community.wd.com/t/action-required-on-my-book-live-and-my-book-live-duo/268147”

Western Digital offers in-depth investigation, but solutions are currently unknown

Western Digital’s email didn’t clarify when or how solutions would be put into effect. It’s implied that the mass data deletion depended on each individual customer account. Unfortunately, users have not received any sort of compensation for years of lost data. Consumers are bearing the misfortune as they wait for an explanation.

On June 25th, the day after the mass deletions, Western Digital blamed the lost data fiasco on remote wipes. A remote wipe is a security capability that allows the device’s owner or a network administrator to issue a command that deletes all data on a piece of computing technology. It’s a feature that’s often used for deleting data from a device that has been stolen or lost. It can also be used when devices are being switched over to new owners or different administrators.

WD My Book Live maker blames RCE exploitation instead of technical malfunction

The makers of the WD My Book Live are pointing the finger at the exploitation of a remote command-execution (RCE) vulnerability. Even if the NAS (network-attached storage) devices were protected by some kind of firewall or router, somehow remote command execution was still achieved. This unknown breach then launched a factory reset that “appears to erase all data on the device,” according to Western Digital’s advisory.

WD My Book Live is no longer supported by Western Digital. Their site advisory mentions that the last firmware update for its My Book Live and My Book Live Duo devices was in 2015. WD also addressed how customers’ data is very important to them and that the company is using its resources to actively investigate the issue. The company promises to continue updating the public as more information becomes available. On the other side of the coin, Western Digital sent a statement to multiple news outlets confirming that WD does not believe that cloud service issues or a breach were responsible.

It’s unclear where the mass deletion came from if it wasn’t from a breach or a cloud problem. Users should not always be held responsible for having alternative backups. Backups are always recommended, but users deserve to have Western Digital take full responsibility. Consumers should be able to trust big tech companies to protect their data.

NAS data deletions and hijackings are common in the digital world

This isn’t the first or last NAS data nightmare. In December 2020, major cross-site scripting flaws were uncovered on QNAP NAS systems that could allow data exploitation. At the end of March 2021, QNAP NAS devices were found to be vulnerable to a zero-day attack, which would basically allow any hacker to retrieve anyone’s stored data. A zero-day attack allows the attacker to exploit a flaw and hijack a system before developers have a chance to address it. Databases with hidden cracks such as misconfigurations can put everyone’s information at risk in its entirety, and such cracks are still pretty common for attackers to find.

WD My Book Live’s data destruction didn’t come with an attacker’s demands. The seemingly random selection of which users’ data was deleted may indicate that blackmail or exaction wasn’t the goal of this data massacre. The Western Digital NAS attack may have attracted hijackers who are simply testing their skillset. My Book users and industry programmers eagerly await Western Digital’s upcoming investigation results.
