WD MyBook Live devices are deleting data, definitely unplug yours now

There’s a problem with Western Digital (WD) My Book Live devices, with users reporting data being wiped from the devices.

Before we start, if you have a WD My Book Live or My Book Live Duo on the list below, you should definitely go and disconnect it from the internet right now.

Affected Models

Now. The reason you did that is that last week users reported (via Bleeping Computer) waking up to find their My Book Live completely wiped and reset. The reports prompted WD to issue the advisory for customers to immediately disconnect their devices from the internet. 

The issue is affecting users globally, including EFTM reader Mark who noticed his My Book Live acting strangely last week. Mark logged in to find his device reset, and unaware of the broader issues affecting the My Book Live devices took his to a professional to be recovered – which has been unsuccessful so far. Mark has unfortunately lost his iTunes and video libraries, but as with most data you’re never really sure until you need it.

The experience has also been mirrored on the WD support forums, with a fairly extensive thread showing a large number of users reporting similar results.

Overnight, WD has updated their advisory listing CVE-2021-35941, which says the My Book Live Firmware is vulnerable when remote access is enabled. The vulnerability ‘allows an attacker to factory reset the device without authentication’. 

A further analysis by Ars Technica and Derek Abdine, CTO of security firm Censys, found another vulnerability had also been exploited. The exploit has been tied to an unauthenticated zero-day vulnerability which meant the call to run the factoryRestore.sh script did not require authentication, with the lines which would normally request a password commented out by a Western Digital developer according to Ars.

A blog post by Censys postulated why the reset happened saying ‘it could be an attempt at a rival botnet operator to take over these devices or render them useless (it is likely that the username and password are reset to their default of admin/admin, allowing another attacker to take control), or someone who wanted to otherwise disrupt the botnet which has likely been around for some time, since these issues have existed since 2015.

In terms of What Now? Western Digital advises owners to ‘Immediately disconnect your My Book Live and My Book Live Duo from the Internet to protect your data from ongoing attacks’.

Western Digital has said that any My Book Live or My Book Live Duo owners who lost data in the attacks, will be offered recovery services – so if you’ve been affected, it’s definitely worth lodging a support ticket. Additionally Western Digital will offer a trade-in program to upgrade them to a supported My Cloud device – with details on how customers can take advantage of both offerings to be advised. 

The issue is fairly serious, data can be highly personal and volatile, so losing it can be a big deal and this has surely shaken the faith some users had in Western Digital. At this stage, you should definitely unplug your My Book or My Book Duo from the internet, and as soon as Western Digital announce details of their trade-in and data recovery programs we’ll let you know

Recent Posts

  • Motoring

Speeding fines – A new survey reveals exactly why we don’t learn our lesson

A new survey commissioned by dash cam manufacturer Navman has revealed the major reasons why…

13 hours ago
  • Tech

Australia’s Triple Zero Custodian slacking off on the simple task of public awareness

For my sins I've spent much of today listening to politicians grandstanding in a Senate…

14 hours ago
  • Lifestyle

Ecovacs goes outdoors in Australia, robotics for the Lawn, Pool and Exterior Windows

Having dominated the Australian home for almost a decade now with robot vacuum cleaners Ecovacs…

15 hours ago
  • Lifestyle

The Best Movies You’ve Never Seen podcast – Contact

A brilliant astronomer discovers a mysterious signal from deep space that may prove humanity is…

15 hours ago
  • Tech

Amazfit heads downunder with Australian digital storefront bringing new range of smart wearables

Smart wearable company Amazfit has arrived in Australia, bringing their range of wearable tech to…

20 hours ago
  • Tech

Telstra outage was maintenance error, more Triple Zero numbers revealed in Government submission

Telstra has today provided a comprehensive update and timeline of the events of last week's…

21 hours ago