Western Digital: "Unplug your device."
-
[WD My Book NAS devices are being remotely wiped clean worldwide(https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-are-being-remotely-wiped-clean-worldwide/)
Western Digital My Book NAS owners worldwide found that their devices have been mysteriously factory reset and all of their files deleted.
WD My Book is a network-attached storage device that looks like a small vertical book that you can stand on your desk. The WD My Book Live app allows owners to access their files and manage their devices remotely, even if the NAS is behind a firewall or router.
Today, WD My Book owners worldwide suddenly found that all of their files were mysteriously deleted, and they could no longer log into the device via a browser or an app.
When they attempted to log in via the Web dashboard, the device stated that they had an "Invalid password."
"I have a WD My Book live connected to my home LAN and worked fine for years. I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full but now it shows full capacity," a WD My Book owner reported on the Western Digital Community Forums.
"The even strange thing is when I try to log into the control UI for diagnosis I was-only able to get to this landing page with an input box for “owner password”. I have tried the default password “admin” and also what I could set for it with no luck."
f you own a Western Digital My Book NAS device, it is strongly advised that you disconnect it from the network until we learn more about what is happening.
Update 5:45 PM EST: Western Digital told BleepingComputer that they are actively investigating the attacks but do not believe it was a compromise of their servers.
They believe that attacks were conducted after some of the My Book owners had their accounts compromised.
"Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers’ data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available." - Western Digital
However, their statement doesnt explain how so many account were breached at approximately the same time.
