Owners of Western Digital’s WD My Book NAS devices have reported an unusual issue: their devices had been factory reset and all their files deleted.
WD My Book unusual data reset occurring at the same time:
Western Digital, an American hard disk drive manufacturer and data storage company, produces the WD My Book, a network-attached storage device that looks like a small vertical book that you can stand on your desk. The WD My Book Live app allows owners to access their files and manage their devices remotely, even if the NAS is behind a firewall or router.
NAS stands for Network Attached Storage, a storage device connected to a network that allows authorized network users and varied clients to store and retrieve data from a central location.
However, WD My Book owners from all around the globe reported that they abruptly found all their files and data deleted. Further, the users were unable to log into their WD My Book using the app or browser.
When users attempted to log in through the Web dashboard, the device reported an “Invalid password.”
WD My Book owners’ personal statements:
“I have a WD My Book live connected to my home LAN and worked fine for years. I have just found that somehow all the data on it is gone today, while the directories seem there but empty. Previously the 2T volume was almost full but now it shows full capacity,” a WD My Book owner reported on the Western Digital Community Forums.
“The even strange thing is when I try to log into the control UI for diagnosis I was only able to get to this landing page with an input box for “owner password”. I have tried the default password “admin” and also what I could set for it with no luck.”
After additional WD My Book owners confirmed that their devices had the same issue, owners reported that the MyBook logs showed the devices had received a remote command to perform a factory reset, starting at around 3 PM yesterday and continuing through the night.
One owner's post gives the following timeline of the incident:
“I have found this in user.log of this drive today:
Jun 23 15:14:05 My BookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 My BookLive shutdown: shutting down for system reboot
Jun 23 16:02:26 My BookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:29 My BookLive _: pkg: wd-nas
Jun 23 16:02:30 My BookLive _: pkg: networking-general
Jun 23 16:02:30 My BookLive _: pkg: apache-php-webdav
Jun 23 16:02:31 My BookLive _: pkg: date-time
Jun 23 16:02:31 My BookLive _: pkg: alerts
Jun 23 16:02:31 My BookLive logger: hostname=My BookLive
Jun 23 16:02:32 My BookLive _: pkg: admin-rest-api”
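A check an owner could run over a user.log, added here as an example (not code from Western Digital or the forum poster): it finds factoryRestore.sh start entries and correlates them with the reboot and data-volume remount that follow. The function names, the 60-second window and the supplied year are assumptions; the sample lines are copied from the excerpt above.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the user.log excerpt quoted above (not the full log).
SAMPLE_LOG = """\
Jun 23 15:14:05 My BookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 My BookLive shutdown: shutting down for system reboot
Jun 23 16:02:26 My BookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:29 My BookLive _: pkg: wd-nas
Jun 23 16:02:32 My BookLive _: pkg: admin-rest-api
"""

# "<Mon> <day> <HH:MM:SS> <host> <tag>: <message>"; the host is matched lazily
# because the excerpt shows it with a space in it.
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (.*?) (\S+):\s*(.*)$")

def parse_line(line, year):
    """Return (timestamp, tag, message), or None for lines that do not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    # Syslog timestamps carry no year, so the caller supplies one (assumption).
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(3), m.group(4)

def find_factory_resets(text, year, window=timedelta(seconds=60)):
    """Report each factoryRestore.sh start, whether a reboot followed within
    `window`, and when the data volume was next mounted."""
    events = [e for e in (parse_line(ln, year) for ln in text.splitlines()) if e]
    findings = []
    for i, (ts, tag, _msg) in enumerate(events):
        if tag != "factoryRestore.sh":
            continue
        later = events[i + 1:]
        rebooted = any(t == "shutdown" and "reboot" in msg and when - ts <= window
                       for when, t, msg in later)
        remount = next((when for when, t, _ in later
                        if t == "S15mountDataVolume.sh"), None)
        findings.append({"reset_at": ts, "reboot_followed": rebooted,
                         "volume_remounted_at": remount})
    return findings

if __name__ == "__main__":
    # year=2021 is an assumed value; the excerpt itself gives no year.
    for finding in find_factory_resets(SAMPLE_LOG, year=2021):
        print(finding)
```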
Possibilities of remote hacker attack:
The WD My Book log above does not establish what caused the sudden data reset, which has left the cause open to speculation.
Concerned users have raised the possibility that the servers were hacked, which may have allowed malicious entities to send a remote factory reset command to all the devices that were part of the service network.
However, if an adversary did in fact delete the data from all the devices, it is peculiar that no ransom notes or other threats have been reported. This points to the possibility that the attacks were intended to be destructive.
Western Digital addresses the issues:
Western Digital, while privately addressing the WD My Book issue that has ensued worldwide, stated that they have initiated an investigation of the attacks; however, they do not believe that the incident was the result of a compromise. They believe that the attacks were conducted after some of the My Book owners had their accounts compromised.
However, some WD My Book owners have reported that the incident occurred when they were not even home to examine the devices. Western Digital’s statements also fail to detail how so many accounts were compromised at the same time.
“Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers’ data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available.” states Western Digital.