“It is very scary and devastating that someone can do factory restore on my drive without any permission granted from the end user,” wrote one user.
Hard drive manufacturer Western Digital recommended that My Disk external hard drive owners unplug them from the internet until further notice, after a flood of customers complained in a support forum that all their data had been mysteriously deleted, according to Ars Technica.
“I have a WD mybook live connected to my home LAN and worked fine for years,” wrote the person who started the thread. “I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full but now it shows full capacity.”
“All my data is gone too,” another user responded. “I am totally screwed without that data… years of it.”
Multiple users reported that the data loss coincided with a factory reset that was performed on their devices. One person posted a log that showed unexplained behavior occurring on Wednesday:
Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 MyBookLive shutdown: shutting down for system reboot
Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:29 MyBookLive _: pkg: wd-nas
Jun 23 16:02:30 MyBookLive _: pkg: networking-general
Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav
Jun 23 16:02:31 MyBookLive _: pkg: date-time
Jun 23 16:02:31 MyBookLive _: pkg: alerts
Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive
Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api
“I believe this is the culprit of why this happens,” the person wrote. “No one was even home to use this drive at this time.” -Ars Technica
While the standard My Book storage device connects to computers via USB, the My Book Live uses an ethernet cable to access the local network, from which owners can access their files remotely and make configuration changes through the Western Digital cloud. The company stopped supporting the product in 2015.
In response to the forum thread, Western Digital advised customers to disconnect their My Book Live devices while the company investigates.
The incident is under active investigation from Western Digital. We do not have any indications of a breach or compromise of Western Digital cloud services or systems.
We have determined that some My Book Live devices have been compromised by a threat actor. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015.
At this time, we are recommending that customers disconnect their My Book Live devices from the Internet to protect their data on the device.
We have issued the following statement to our customers and will provide updates to this thread when they are available: https://community.wd.com/t/action-required-on-my-book-live-and-my-book-live-duo/268147
Ars Technica suggests that “Reading between the lines, Western Digital’s statement seems to be saying that customer accounts were individually compromised. The advice to unplug devices while the investigation continues is warranted, and users should follow it as soon as possible.”
“It is very scary and devastating that someone can do factory restore on my drive without any permission granted from the end user,” wrote one user. “I need a remedy to this issue immediately as this is already incurring a great cost to me.”