Owners of WD My Book Live NAS devices are advised to immediately disconnect their devices from the Internet after multiple users of the network-attached storage device reported that all their files had been deleted and, in some cases, that the device had been factory reset.
Some users initially reported on Western Digital's support forum that they suddenly lost all their data stored on the WD My Book Live devices.
“I have a WD mybook live connected to my home LAN and worked fine for years. I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full but now it shows full capacity,” one of the affected users complained on the company’s community forum. “The even strange thing is when I try to log into the control UI for diagnosis I was only able to get to this landing page with an input box for “owner password”. I have tried the default password “admin” and also what I could set for it with no luck. There seems to be no change to retrieve or reset password on this landing page either.”
Some users said that their device received a remote command to perform a factory reset. One user posted a copy of their log showing unusual behavior:
"I have found this in user.log of this drive today:
Jun 23 15:14:05 My BookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 My BookLive shutdown[24582]: shutting down for system reboot
Jun 23 16:02:26 My BookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:29 My BookLive _: pkg: wd-nas
Jun 23 16:02:30 My BookLive _: pkg: networking-general
Jun 23 16:02:30 My BookLive _: pkg: apache-php-webdav
Jun 23 16:02:31 My BookLive _: pkg: date-time
Jun 23 16:02:31 My BookLive _: pkg: alerts
Jun 23 16:02:31 My BookLive logger: hostname=My BookLive
Jun 23 16:02:32 My BookLive _: pkg: admin-rest-api
I believe this is the culprit of why this happens…No one was even home to use this drive at this time…"
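For owners checking their own device, the following added Python example (not part of the forum post or of Western Digital's statement) scans a user.log for the factoryRestore.sh entry seen in the excerpt above and reports the reboot and the time the unit stayed offline. The sample lines are copied from that excerpt; the function names and the placeholder year are assumptions, since the log lines carry no year.

```python
import re
from datetime import datetime

# Lines copied from the user.log excerpt quoted above, one entry per line.
SAMPLE_LOG = """\
Jun 23 15:14:05 My BookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 My BookLive shutdown[24582]: shutting down for system reboot
Jun 23 16:02:26 My BookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:29 My BookLive _: pkg: wd-nas
Jun 23 16:02:30 My BookLive _: pkg: networking-general
Jun 23 16:02:30 My BookLive _: pkg: apache-php-webdav
Jun 23 16:02:31 My BookLive _: pkg: date-time
Jun 23 16:02:31 My BookLive _: pkg: alerts
Jun 23 16:02:31 My BookLive logger: hostname=My BookLive
Jun 23 16:02:32 My BookLive _: pkg: admin-rest-api
"""

# timestamp, hostname (may contain a space, as on this page), tag, optional [pid], message
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s+(.*?)\s+(\S+?)(?:\[\d+\])?:\s*(.*)$")

def parse(text, year=2000):
    """Yield (timestamp, tag, message). The year is a placeholder (assumption)."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), m.group(4)

def find_factory_resets(text):
    """Return one finding per factoryRestore.sh entry, with what followed it."""
    events = list(parse(text))
    findings = []
    for i, (ts, tag, _) in enumerate(events):
        if tag != "factoryRestore.sh":
            continue
        later = events[i + 1:]
        reboot = any(g == "shutdown" and "reboot" in m for _, g, m in later)
        back = next((t for t, g, _ in later if g == "S15mountDataVolume.sh"), None)
        findings.append({
            "reset_at": ts,
            "reboot_logged": reboot,
            "minutes_offline": None if back is None else (back - ts).total_seconds() / 60,
            # pkg: lines logged after the restore, as in the excerpt
            "pkg_lines_after": [m[4:].strip() for _, _, m in later if m.startswith("pkg:")],
        })
    return findings

if __name__ == "__main__":
    for finding in find_factory_resets(SAMPLE_LOG):
        print(finding)
```

A factoryRestore.sh entry at a time when nobody was using the device, as the poster describes, is the signal to look for; an empty result means the log holds no such entry.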
In a statement, Western Digital acknowledged the issue and said that it is actively investigating the incident. While some of the affected owners expressed concerns that Western Digital's servers were hacked, the company denied it was the cause and said instead that malware was the culprit.
“Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers’ data is very important,” the company said.
“At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available,” the company added.