A Hacker Is Remotely Wiping People’s Internet-Connected Hard Drives

Users of Western Digital's WD My Book Live devices are reporting that all of their data has been remotely wiped by hackers exploiting a vulnerability.
June 25, 2021, 3:56pm

Users of WD My Book Live hard drives are reporting that their storage devices have been completely wiped by a remote factory reset.

WD My Book Live products, which are manufactured by Western Digital and can have anywhere from 2TB to 24TB of storage, can be accessed remotely over the internet through their My Cloud function. On Thursday, owners of the devices began posting on Western Digital's forums that their data was being wiped. 

“It is very scary and devastating that someone can do factory restore on my drive without any permission granted from the end user,” user “Sunpeak” wrote. They also included a portion of their system log which showed a factory reset happening around 3pm on June 23rd. 

“I have lost 4TB of data, this includes all my insurance policies, budgets, the usual ‘life admin,’ as well as all the photos of my children, my wedding, etc but just as importantly my livelihood,” user “Sammie101” wrote. “I am an independent consultant and my last 7 months of project work is all gone.”

Sammie101 wrote that they hadn’t heard back from Western Digital since reporting the problem and had instead shipped their hard drive to a professional recovery service.

Western Digital did not respond to Motherboard's request for comment, but the company released a statement confirming that the devices' internet connectivity was what allowed them to be remotely wiped and recommending that users disconnect their drives from the internet.

"Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability," the statement read. "In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live and My Book Live Duo devices received its final firmware update in 2015. We understand that our customers’ data is very important. We are actively investigating the issue and will provide an updated advisory when we have more information."

The statement also referred to the National Vulnerability Database, where it stated that all versions of the WD My Book Live have a bug in the remote command function that can be accessed by anyone who knows the device’s IP address. 

In an earlier post on the company's forums, Western Digital blamed the reset on “malicious software.” The intent of the factory reset is unclear since it doesn’t seem like anything other than users’ personal files were impacted, nor is it known who is responsible. It is also unclear how many people have been impacted by the remote factory reset.