If you use a Western Digital My Book Live, you want to disconnect it from the internet immediately. WD has advised customers to unplug My Book external hard drives from the web until further notice, as customers are reporting that their data has been completely deleted.
Ars Technica reports that WD’s support forum shows that numerous users have lost their data with no obvious hope for recovery. One user, sunpeak, wrote, “I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full, but now it shows full capacity.” Many other users are reporting the same issue. User dalogan72 writes, “All data gone, what kind of security is this?”
|Screenshot from a Western Digital forum thread|
Some users have been able to dig into an activity log for their My Book Live and found evidence of an initiated factory restore and shutdown.
In a statement to customers, Western Digital states that a malicious actor is behind the issue. “Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers’ data is very important. At this time, we recommend you disconnect your My Book Live from the internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available.”
|Some users are unable to log in and data has been deleted. Image credit: WD forums|
As WD mentions, the My Book Live hasn’t been officially supported since 2015, so it’s possible a security flaw has existed for years without being exploited or discovered. The device connects to a local network and the internet via an Ethernet cable, which lets users remotely access the device and its stored files. Although the product hasn’t been supported for years, that doesn’t mean that users didn’t have important, sensitive data stored on the My Book Live. It’s not unusual for users to have no backups or just a single backup. It’s currently unclear if malicious actors can access your files or just delete them.
Western Digital told Bleeping Computer that WD doesn’t believe that its servers were compromised. WD also said that it believes the devices were compromised through an “unpatched vulnerability.” Bleeping Computer writes, “It is believed that a threat actor performed a mass scan of the Internet for vulnerable devices and used this vulnerability to issue the factory-reset command.”
|Western Digital statement|
Again, if you have a My Book Live device, disconnect it immediately and keep an eye on Western Digital’s support pages. Some affected users have had some success recovering files using the PhotoRec file recovery tool. However, others have not been so lucky.