There’s a problem with Western Digital (WD) My Book Live devices, with users reporting data being wiped from the devices.
Before we start, if you have a WD My Book Live or My Book Live Duo on the list below, you should definitely go and disconnect it from the internet right now.
Now. The reason you did that is that last week users reported (via Bleeping Computer) waking up to find their My Book Live completely wiped and reset. The reports prompted WD to issue the advisory for customers to immediately disconnect their devices from the internet.
The issue is affecting users globally, including EFTM reader Mark who noticed his My Book Live acting strangely last week. Mark logged in to find his device reset, and unaware of the broader issues affecting the My Book Live devices took his to a professional to be recovered – which has been unsuccessful so far. Mark has unfortunately lost his iTunes and video libraries, but as with most data you’re never really sure until you need it.
The experience has also been mirrored on the WD support forums, with a fairly extensive thread showing a large number of users reporting similar results.
Overnight, WD has updated their advisory listing CVE-2021-35941, which says the My Book Live Firmware is vulnerable when remote access is enabled. The vulnerability ‘allows an attacker to factory reset the device without authentication’.
A further analysis by Ars Technica and Derek Abdine, CTO of security firm Censys, found another vulnerability had also been exploited. The exploit has been tied to an unauthenticated zero-day vulnerability which meant the call to run the factoryRestore.sh script did not require authentication, with the lines which would normally request a password commented out by a Western Digital developer according to Ars.
A blog post by Censys postulated why the reset happened saying ‘it could be an attempt at a rival botnet operator to take over these devices or render them useless (it is likely that the username and password are reset to their default of admin/admin, allowing another attacker to take control), or someone who wanted to otherwise disrupt the botnet which has likely been around for some time, since these issues have existed since 2015.’
In terms of What Now? Western Digital advises owners to ‘Immediately disconnect your My Book Live and My Book Live Duo from the Internet to protect your data from ongoing attacks’.
Western Digital has said that any My Book Live or My Book Live Duo owners who lost data in the attacks, will be offered recovery services – so if you’ve been affected, it’s definitely worth lodging a support ticket. Additionally Western Digital will offer a trade-in program to upgrade them to a supported My Cloud device – with details on how customers can take advantage of both offerings to be advised.
The issue is fairly serious, data can be highly personal and volatile, so losing it can be a big deal and this has surely shaken the faith some users had in Western Digital. At this stage, you should definitely unplug your My Book or My Book Duo from the internet, and as soon as Western Digital announce details of their trade-in and data recovery programs we’ll let you know
Daniel has been talking about, learning about and using tech since he was able to toggle switches and push buttons. If it flashes, turns on or off or connects he wants to use it, talk about it and learn more about it. Like this article? Buy me a coffee!
If you're still catching up on Quantum Dots, OLED, Mini LED and are thinking that…
The NBN is getting ready to lock in the final stage of the Fibre to…
BMW has revealed the first new model to be designed and engineered under their 2025…
The SwannBuddy4K Video Doorbell with SwannShield™AI Voice Assistant has been given an Honouree accolade for…
Reolink is a bit of an upstart when it comes to home security but having…
LG has announced its vision for AI-powered living at IFA 2025 under the moniker “LG…