Western Digital blames malware for My Book Live devices being wiped remotely
People who own and use a Western Digital My Book Live cloud storage device may want to disconnect it from the internet as soon as possible. As first reported by Bleeping Computer, a number of people worldwide who own the network-attached storage device took to the company’s forum to report that all their files had been deleted. Terabytes’ worth of data, years of memories and months of hard work vanished in an instant. The users couldn’t even log into WD’s cloud infrastructure for diagnosis, because their passwords were no longer working.
Several owners looked into the cause of the issue and determined that their devices were wiped after receiving a remote command for a factory reset. The commands started going out at 3PM on Wednesday and lasted throughout the night. One user posted a copy of their log showing how a script was run to shut down their storage device for a factory restore:
Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 MyBookLive shutdown: shutting down for system reboot
Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:29 MyBookLive _: pkg: wd-nas
Jun 23 16:02:30 MyBookLive _: pkg: networking-general
Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav
Jun 23 16:02:31 MyBookLive _: pkg: date-time
Jun 23 16:02:31 MyBookLive _: pkg: alerts
Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive
Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api
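Owners who still have their device's system log can check it for the same sequence. The following is an added example, not code from Western Digital or the forum post: it scans syslog text for a factoryRestore.sh run and pairs it with the next S15mountDataVolume.sh entry. The year (absent from syslog lines) and the use of S15mountDataVolume.sh as the restart marker are assumptions drawn from the excerpt above.

```python
import re
from datetime import datetime

# Four of the log lines quoted in the article. Syslog omits the year,
# so the year passed to parse() is an assumption.
SAMPLE_LOG = """\
Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 MyBookLive shutdown: shutting down for system reboot
Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api
"""

# timestamp, host, tag, message
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) ([^:\s]+): (.*)$")

def parse(log_text, year=2021):
    """Yield (timestamp, host, tag, message) for each well-formed syslog line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip truncated or non-syslog lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        yield ts, m.group(2), m.group(3), m.group(4)

def find_factory_resets(log_text, year=2021):
    """Return one record per factoryRestore.sh run, paired with the next restart."""
    findings = []
    for ts, host, tag, msg in parse(log_text, year):
        if tag == "factoryRestore.sh" and msg.startswith("begin script"):
            findings.append({"host": host, "reset_at": ts,
                             "next_boot_at": None, "offline_seconds": None})
        elif tag == "S15mountDataVolume.sh" and findings:
            last = findings[-1]
            # Assumption: the first mount-script entry after a reset marks the restart.
            if last["host"] == host and last["next_boot_at"] is None:
                last["next_boot_at"] = ts
                last["offline_seconds"] = int((ts - last["reset_at"]).total_seconds())
    return findings

if __name__ == "__main__":
    for f in find_factory_resets(SAMPLE_LOG):
        print(f"{f['host']}: factory restore started {f['reset_at']}, "
              f"next boot {f['next_boot_at']} ({f['offline_seconds']}s later)")
```

A log with no factoryRestore.sh entry returns an empty list; a reset with no later restart entry is still reported, with next_boot_at left as None.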
The WD My Book Live devices connect to the internet via an Ethernet cable, and owners can use them to wirelessly back up their computers or to access their files from any device. It’s a great solution for homes and businesses with multiple computers and phones that run different operating systems.
As Bleeping Computer notes, the storage solution communicates through the My Book Live cloud servers to provide remote access. It’s an old model that hasn’t been updated since 2015, but it’s still protected by a firewall. Some of the affected owners expressed concerns that Western Digital’s servers were hacked, allowing bad actors to send out a remote factory reset command to all devices connected to them.
However, Western Digital blames the incident on malware in a statement it issued to address the situation. The company said some My Book Live devices were compromised, though it didn’t explain how bad actors were able to infiltrate them, and that owners should disconnect the storage solution from the internet for now.
The whole statement reads:
“Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers’ data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available.”