PSA: If you have a Western Digital My Book Network drive - unplug it now before it gets wiped.

Forums › Desktop computing › PSA: If you have a Western Digital My Book Network drive - unplug it now before it gets wiped.

turtleattacks

1008 posts

Uber Geek
+1 received by user: 305

Trusted

#288392 25-Jun-2021 15:17

Looks like that users around the world are getting their hard drives remotely wiped.

https://community.wd.com/t/help-all-data-in-mybook-live-gone-and-owner-password-unknown

https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-are-being-remotely-wiped-clean-worldwide/

----

Creator of whatsthesalary.com and whatstheincometax.com

1 | 2

4015 posts

Uber Geek
+1 received by user: 1851

ID Verified

Trusted

Lifetime subscriber

#2734540 25-Jun-2021 16:13

Thank you @turtleattacks for bringing this to our attention. I've been reading through the threads and will be interested to hear the outcome of this. In the meantime, there are going to be quite a nunber of upset WD customers.

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

alasta

6888 posts

Uber Geek
+1 received by user: 3362

Trusted

Subscriber

#2734648 25-Jun-2021 18:48

This raises interesting questions around backup strategy. Imagine if you had all of your files duplicated across two of these devices and thought that you had data redundancy?

This is why I like to have all of my files on my laptop, on iCloud, and on an external hard drive. It ensures one backup is temporal, another backup is offsite, and the two backups are on completely different technology platforms.

Behodar

11093 posts

Uber Geek
+1 received by user: 6070

Trusted

Lifetime subscriber

#2734660 25-Jun-2021 19:08

https://nvd.nist.gov/vuln/detail/CVE-2018-18472

It's a security issue rather than, say, a bug in the software that triggers a delete when the clock hits a certain point. It seems that the bug's been known about for two years, given the creation date of that CVE!

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2734881 26-Jun-2021 10:11

It seems attackers are using a vulnerability disclosed back in 2018... Never patched by WD: MyBook Users Urged to Unplug Devices from Internet – Krebs on Security

Companies like this are the reason we can't have nice things.

But also, leaving these devices exposed to the Internet is dumb.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

JaseNZ

2576 posts

Uber Geek
+1 received by user: 1489

ID Verified

Lifetime subscriber

#2734957 26-Jun-2021 11:04

Can see the lawyers rubbing their hands together now.

Class action ching ching

Ding Ding Ding Ding Ding : Ice cream man , Ice cream man

Rikkitic

Awrrr
19062 posts

Uber Geek
+1 received by user: 16302

Lifetime subscriber

#2734958 26-Jun-2021 11:07

I have read some pretty tragic stories on the WD forum. I don't understand how people can entrust their entire lives to any single back-up source, especially one that is on-line, but losing everything that matters to you is a pretty high price to pay for being dumb/naive/lazy. I feel genuinely sorry for those burned by this. I think WD also deserves a big dose of shame. I hope they can somehow be made liable and have to pay huge damages, even if it is a legacy product. They can't just walk away from this.

Plesse igmore amd axxept applogies in adbance fir anu typos

Geekzone support

Support Geekzone with one-off or recurring donations Donate via PressPatron.

JaseNZ

2576 posts

Uber Geek
+1 received by user: 1489

ID Verified

Lifetime subscriber

#2735015 26-Jun-2021 14:00

Rikkitic:

I have read some pretty tragic stories on the WD forum. I don't understand how people can entrust their entire lives to any single back-up source, especially one that is on-line, but losing everything that matters to you is a pretty high price to pay for being dumb/naive/lazy. I feel genuinely sorry for those burned by this. I think WD also deserves a big dose of shame. I hope they can somehow be made liable and have to pay huge damages, even if it is a legacy product. They can't just walk away from this.

I agree but not everybody has the mind set of most of the members on here and they think nothing will ever happen.

They would not expect for a remote wipe of their drives, I would be pretty pissed if it was me.

Ding Ding Ding Ding Ding : Ice cream man , Ice cream man

Dratsab

3964 posts

Uber Geek
+1 received by user: 1728

Trusted

Lifetime subscriber

#2735330 27-Jun-2021 12:12

Email received from WD this morning.
-------------------------
Our records indicate that you registered a My Book Live or My Book Live Duo device. To protect your data on the device from ongoing attacks, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet and access your data locally by following these instructions on our Knowledge Base.

Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, the attackers have triggered a factory reset that appears to erase all data on the device.

Our investigation of this incident has not uncovered any evidence that Western Digital cloud services, firmware update servers, or customer credentials were compromised. As the My Book Live devices can be directly exposed to the internet through port forwarding, the attackers may be able to discover vulnerable devices through port scanning.

We understand your data is very important. Some customers have reported that data recovery tools may be able to recover data from affected devices, and we are currently investigating the effectiveness of these tools.

We are continuing our investigation and will post the latest information about this incident on our Product Security Portal. For further assistance, you can contact our Customer Support team.
-------------------------
I'm out and about and on my mobile for the next little while. I'll edit this post and include the links in about an hour, unless someone beats me to it.

I had my device linked to MyCloud and could access it via a mobile through WD's apps but shut all this access down a couple of years back due to the lack of updates. So, fortunately, I've had no issues. It was being used as an email storage device but not anymore. Could be time to rip the hard drive out of the case and use it in a computer.

Edit: links added

kingjj

1730 posts

Uber Geek
+1 received by user: 450

ID Verified

Trusted

#2736989 30-Jun-2021 17:38

Further email received today from WD. Its nice to see WD coming to the party to help with data recovery. I'm interested to see what they'll offer on a tradein for a My Cloud product - although wouldn't be surprised if that's US/EU only. Emphasis below is there's. I've been looking to upgrade our My Book Live for a few years so this has given me the rocket I needed.

Western Digital has an important announcement for registered My Book Live or My Book Live Duo customers.

Immediately disconnect your My Book Live device from the Internet to protect your data from ongoing attacks. You can disconnect the device and continue to access your data locally by following these instructions on our Knowledge Base.

Some My Book Live devices connected to the Internet are being compromised by attackers and in some cases, the attackers have triggered a factory reset that appears to erase all data on the device.

We are here to help. Although this product family is no longer sold or supported by Western Digital, we know some of our customers have been impacted and we want to help. If you have lost your data as a result of these attacks, we will provide data recovery services which will be available beginning in July.

We know how important your data is to you and are committed to helping you protect it. We are launching a trade-in program that will allow you to upgrade from your My Book Live to one of our supported My Cloud devices.

We will provide details about how to take advantage of these programs in a separate email.

In case you are concerned about other products and services from Western Digital, our investigation of this incident has not found any evidence that our cloud services, firmware update servers, or customer credentials were compromised. The vulnerabilities being exploited are limited to the My Book Live devices, which were introduced to the market in 2010 and received a final firmware update in 2015. These vulnerabilities do not affect our current My Cloud product family.

The latest information about this incident will be available on our Product Security Portal. If you need any additional help, please contact our Customer Support team.

MadEngineer

4591 posts

Uber Geek
+1 received by user: 2570

Trusted

#2737006 30-Jun-2021 18:03

VPN services really do need to become a standard function of every domestic router. Ban uPnP, put up warnings on port forwarding.

You're not on Atlantis anymore, Duncan Idaho.

kingjj

1730 posts

Uber Geek
+1 received by user: 450

ID Verified

Trusted

#2740575 7-Jul-2021 14:10

Latest email from WD. Offers a 40% tradein and free data recovery services for those who need it (including free postage).

Hello My Book™ Live/My Book Live Duo Customer,

If you are a My Book Live or My Book Live Duo customer, we are offering the following limited time offer:

Trade-In Offer:

Western Digital is offering current registered My Book Live or My Book Live Duo customers a trade-in discount of 40% off a select new My Cloud™ Home personal cloud storage or My Cloud EX2 Ultra 2-bay network attached storage device. For more information regarding the trade-in offer for eligible devices, please visit My Book Live and My Book Live Duo: Trade-In Offer.

Additionally, if you are a My Book Live or My Book Live Duo customer that has lost data as result of the recent security incident, we are here to help you by offering the following service.

Data Recovery Service (“DRS”) Offer:

Western Digital will help to recover your data using the data recovery services provided by a Western Digital-selected vendor. Western Digital will cover all the costs of shipment of the qualifying product to the DRS vendor and for the DRS. Recovered data, if any, will then be sent to you on one or more My Passport™ portable hard drives. For a list of qualifying products and eligibility requirements, please visit My Book Live and My Book Live Duo: Data Recovery Offer.

At Western Digital, we strive to continually improve our products and customer experiences. To take advantage of either of these services, or if you have any questions, please contact our Western Digital Support Team.

Sincerely,

Western Digital

Apple TV

Stream your favourite shows now on Apple TV (affiliate link).

wellygary

8810 posts

Uber Geek
+1 received by user: 5287

#2740584 7-Jul-2021 14:27

kingjj:

Latest email from WD. Offers a 40% tradein and free data recovery services for those who need it (including free postage).

The products listed for the Tradein don't appear to be widely stocked ( if at all) in NZ...

You used a few years ago) to be able to WD "My" products pretty much everywhere, but not now....

kingjj

1730 posts

Uber Geek
+1 received by user: 450

ID Verified

Trusted

#2740598 7-Jul-2021 14:51

wellygary:

kingjj:

Latest email from WD. Offers a 40% tradein and free data recovery services for those who need it (including free postage).

The products listed for the Tradein don't appear to be widely stocked ( if at all) in NZ...

You used a few years ago) to be able to WD "My" products pretty much everywhere, but not now....

Yeah out of interest I did a hunt and couldn't find any retailer selling their NAS range in NZ. I'm looking at going with another provider but will contact WD support to see what their solution would be: "Some products may not be available in every country. In such instances, Western Digital Support will identify an alternative for the customer."

Dratsab

3964 posts

Uber Geek
+1 received by user: 1728

Trusted

Lifetime subscriber

#2740665 7-Jul-2021 15:49

kingjj: Latest email from WD. Offers a 40% tradein and free data recovery services for those who need it (including free postage).

<snip>

Just checked my emails, came here to post the same :-)

kingjj: Yeah out of interest I did a hunt and couldn't find any retailer selling their NAS range in NZ. I'm looking at going with another provider but will contact WD support to see what their solution would be: "Some products may not be available in every country. In such instances, Western Digital Support will identify an alternative for the customer."

I'll be contacting WD Support as well 👍

NzVanFan

69 posts

Master Geek
+1 received by user: 2

Trusted

#2748937 23-Jul-2021 21:17

Anyone had any update on their support call yet? I've been registered for the trade in programme since 9 July. Getting updates that are basically "we've escalated your case and will be in touch soon" - makes me wonder if they haven't got an answer in place for NZ customers yet.

1 | 2