Western Digital My Book NAS owners around the world have reported that their devices have mysteriously reset and all of their files were deleted.
The WD My Book is a small network-attached storage (NAS) device that looks like a book that can stand vertically on your desk. Its native app – WD My Book Live – allows users to access and manage their files remotely. Users often store music or large design files on these NAS devices.
Western Digital Corporation is a well-known and reputable California-headquartered manufacturer of computer hard disk drives and data storage devices. In a surprise twist of fate, its slogan “Put your life on it” suddenly got a sinister meaning.
Today, many WD My Book owners reported that all their files were gone from these devices. It appears that all the files on the device were deleted. This issue affected users in over 40 countries. Besides that, they lost access to their accounts.
“I have a WD My Book live connected to my home LAN and worked fine for years. I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full but now it shows full capacity,” a WD My Book owner reported on the Western Digital Community Forums.
When the user tried to log in to the Web dashboard, the device displayed an invalid password error.
“The even strange thing is when I try to log into the control UI for diagnosis I was-only able to get to this landing page with an input box for “owner password”. I have tried the default password “admin” and also what I could set for it with no luck.”
My Book owners reported that according to logs, their devices performed a factory reset yesterday around 3 am at night, which lasted for several hours.
Unlike QNAP devices, the My Book devices are protected by a firewall and are not connected to the Internet, therefore not exposed to attacks. They can be remotely accessed only through My Book Live’s cloud servers. Therefore, some users have raised concerns that Western Digital’s servers were hacked and hackers then sent a remote factory reset command to gain access to their devices.
The purpose of the attack seems to be destruction, as the threat actor only wiped the devices clean and no one reported ransom demands.
Western Digital told that they are investigating the incidents, and they do not believe that their servers had been compromised. They believe that the attacks were carried out by individuals who had gained access to the victims’ accounts.
If true, this could have happened because the affected users did not change their default passwords.
If you own a Western Digital NAS device, it is strongly recommended that you change your password and disconnect My Book from the network until it is investigated what is happening.