Users’ data wiped out after malware hits Western Digital devices


Malware has wiped out the data of users of devices made by storage solutions major Western Digital.

The company is advising its customers who use its My Book Live and My Book Live Duo products to disconnect them from the internet.

In a statement, the company said: “Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through the exploitation of a remote command execution vulnerability. In some cases, the attackers have triggered a factory reset that appears to erase all data on the device.”

The company further added that it is reviewing log files received from affected customers to further characterise the attack and the mechanism of access.

The log files that they have reviewed show that the attackers directly connected to the affected My Book Live devices from a variety of IP addresses in different countries. This indicates that the affected devices were directly accessible from the Internet, either through direct connection or through port forwarding that was enabled either manually or automatically via UPnP.

“Our investigation of this incident has not uncovered any evidence that Western Digital cloud services, firmware update servers, or customer credentials were compromised. As the My Book Live devices can be directly exposed to the internet through port forwarding, the attackers may be able to discover vulnerable devices through port scanning,” the company added.

The attacker triggered the factory reset; however, the company has obtained a sample of an affected device and is investigating further.

Some customers have reported that data recovery tools may be able to recover data from affected devices, and the company is also investigating the effectiveness of these tools.

The My Book Live series was introduced to the market in 2010 and these devices received their final firmware update in 2015.

The company has recommended that its users disconnect the My Book Live and My Book Live Duo from the Internet to protect the data on their devices.

The company also added that the My Cloud OS 5 and My Cloud Home series are not affected by this breach as they use a newer security architecture, and it has recommended that My Cloud OS 3 customers upgrade to OS 5 in order to continue receiving the latest security updates.

On Thursday, a number of users started threads on the WD community forum stating they were unable to access their data. One such thread received over 150 replies within a day after it was posted, including from users who said they had lost years’ worth of photos, documents, and data, a media report added.

The report further added that some users posted logs showing that their devices had been restored to factory settings, while others said the passwords they used to access the drive were no longer working.

My Book Live, which was launched in 2010, is a personal network-attached storage device that allows users to access their files from different devices connected to the same network, or remotely over the Internet.

Publish on W.Media