Posted on June 28, 2021 at 9:23 AM
Threat Actors Discovered Wiping Western Digital Drives Remotely
Western Digital’s MyBook Live hard drives have been trusted by many for years, but it seems hackers have been able to impact users’ devices. MyBook Live owners have reported a series of issues after waking up to discover that their devices had been wiped clean.
The company’s My Book Live storage enables people to store terabytes of data, including documents, photos, and videos. The platform gives users access to these files both on a home network and across the web.
But a vulnerability has left the devices susceptible to attack. The company has received thousands of reports from users complaining that their data is being wiped remotely. Some of the victims made their frustrations known on the Western Digital support forum.
“I have just found that somehow all the data on it is gone today,” one of the victims stated. Others soon replied to the initial message on the forum, claiming that they had been affected too.
Users are advised to take their devices offline
Western Digital has also responded to users’ queries, advising them on its website to take their devices offline.
Devices such as the MyBook can hold multiple terabytes of data, including years of family photos and important documents, so this will be a massive loss for the victims. The most frustrating thing is that there is little hope of recovery.
The victims also noted that the passwords used to secure their MyBook Live devices no longer work. Those who tried to log in to the MyBook Live administration web pages were greeted with an “invalid password” error. Even Western Digital’s “admin” password did not work.
And it seems the attack is still ongoing, as more reports continue to arrive on the company’s community forums.
Users’ passwords reset to factory settings
Some of the users discovered something appalling after sharing log files from their devices. They found that their MyBook Live and Live Duo devices had received a factory reset instruction without their knowledge. The users say they didn’t reset their passwords to factory settings and are perplexed about what happened.
Western Digital says it is investigating the issue and has released a bulletin in that regard.
The company says there is no evidence yet that the hackers infiltrated its cloud infrastructure. Western Digital says its firmware servers were not infiltrated in a supply chain attack, as was the case in the infamous SolarWinds hack.
The company also stated that it doesn’t think the issue is a result of compromised user credentials, as there is no evidence of that.
However, Western Digital explained a scenario that could have led to the problem. According to the firm, the threat actors may have located drives exposed to the internet by carrying out port scans. It noted that the impacted devices were probably exposed through port forwarding or a direct connection that was set up either automatically or manually.
Once an exposed device had been located, the threat actors exploited the remote command execution bug that triggered the factory reset.
It’s also thought that the bug may have existed since 2018. Presently, the only way to defend against the bug is to completely disconnect the device from the internet. Users can configure a firewall or router to block remote access by threat actors.
Some users have recovered their deleted files
According to BleepingComputer, some of the users have succeeded in recovering their deleted files with the free PhotoRec app.
One of the users who succeeded with the recovery has told other users to try the process. The method is non-destructive and does not require any technical action to complete, according to the user.
The company has also advised owners of the Western Digital MyBook Live to ensure that remote access is disabled.
The My Book Live series was rolled out in 2010 and the device received its last firmware update six years ago.