Western Digital is advising users to disconnect their My Book NAS devices from the internet, following multiple reports of devices being remotely wiped.
My Book NAS devices are popular external backup options and have the ability to be used on a LAN for remote backup. Unfortunately, on June 23, users started reporting their devices being wiped remotely, according to BleepingComputer.
“I have a WD My Book live connected to my home LAN and worked fine for years. I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full but now it shows full capacity,” a WD My Book owner wrote on the WD Community Forums.
“The even strange thing is when I try to log into the control UI for diagnosis I was-only able to get to this landing page with an input box for ‘owner password.’ I have tried the default password ‘admin’ and also what I could set for it with no luck.”
A look at the logs show the devices were issued a factory reset command starting around 3 PM June 23, and continuing into the night.
As BleepingComputer points out, it’s unclear where the problem lies. My Book devices, while connected to a LAN, sit behind a firewall, using the My Book Live cloud service to provide remote access. As a result, some users are convinced that only a breach on WD’s end could account for the existing situation.
WD is investigating, but does not believe there was a breach on their end. Instead, they think the devices were compromised via an unpatched vulnerability after being connected directly to the internet.
In the meantime, WD is recommending users disconnected My Book Live and My Book Live Duo devices from the internet in this advisory.