Data in some WD My Book Live NAS devices erased by malicious software

Western Digital’s Network-attached storage (NAS) devices are popular among users worldwide. Recently, some users of the company’s WD My Book Live device suffered a loss of data caused by malicious software remotely.

Users were not able to log in to their NAS Dashboard through the web or app as the landing box was showing “Invalid password”. The user.log file reveals that a factory reset command was issued which erased all the data on the NAS devices remotely. The company said that the NAS devices were compromised using an unpatched vulnerability and to recall, these devices received the final firmware update back in 2015.

While few users were able to recover the deleted files, most of the other users were not able to. Western Digital recommends MyBook Live device users disconnect the NAS from the Internet to protect the data on their device. Further, the company said that it is actively investigating and will provide updates when they are available.

Western Digital in its community thread said,

Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers’ data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available.

Source 1, 2