Data Security

Western Digital My Book Live hard drives remotely wiped by hackers

In recent news, people are shocked to find out all of their data stored on their Western Digital My Book Live hard drives has been wiped out through a factory reset.

These storage devices have the convenient feature of being accessed remotely over the internet and as it appears to be, this may have been the Achilles’ heel in their otherwise strong system.

Western Digital released a statement in which they acknowledged and confirmed the fact that the devices’ internet connectivity was what allowed hackers to remotely wipe them. 

“Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through the exploitation of a remote command execution vulnerability,” the statement read.

“In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live and My Book Live Duo devices received their final firmware update in 2015. We understand that our customers’ data is very important. We are actively investigating the issue and will provide an updated advisory when we have more information.”

Understandably, the users were devastated to find out that their storage devices had been wiped and they began posting on Western Digital’s discussion forum about their data being wiped.

While some wondered if they could contact anyone to try to extract whatever data might remain after a full reset wipe was initiated. 

“I have lost 4TB of data, this includes all my insurance policies, budgets, the usual ‘life admin,’ as well as all the photos of my children, my wedding, etc but just as importantly my livelihood,” user “Sammie101” wrote. “I am an independent consultant and my last 7 months of project work are all gone.”

Western Digital insists that there’s no current evidence that its own cloud services, firmware update servers, or customer credentials were compromised.

Instead, it suggests, the My Book Live drives were left directly accessible via the internet, “either through direct connection or through port forwarding that was enabled either manually or automatically via UPnP.” Hackers then used port scanning to spot potential victims, the company theorizes.

“We do not yet understand why the attacker triggered the factory reset; however, we have obtained a sample of an affected device and are investigating further,” Western Digital added. “Additionally, some customers have reported that data recovery tools may be able to recover data from affected devices, and we are currently investigating the effectiveness of these tools.”

For those who do want to try to extract what data might remain after a full reset wipe was initiated, a Reddit thread includes plenty of discussion about which are the best tools for that.

It’s unclear just how effective – or consistently effective – they are at this stage. Unless you’re familiar with data recovery software, it might be best to sit it out until Western Digital comes up with an official route to follow.

To Top

Pin It on Pinterest

Share This