Please login or register.

Login with username, password and session length
 

News:

Happy 2021 !!!


Author Topic: Western Digital MyBooks wiped!  (Read 305 times)

Offline Panther_Gunn

  • Villains' worst nightmare come true
  • Titans
  • Hero Member
  • Posts: 3844
Western Digital MyBooks wiped!
« on: June 25, 2021, 04:13:01 PM »
Time for an ugly PSA:

On June 23rd a Factory Reset command was sent to, seemingly, every Western Digital MyBook Live worldwide, resulting in empty drives and passwords that don't work.  Western Digital is currently investigating the incident, and has advised everyone that has one of these devices to disconnect & power them down, until further notice.

The WD site has a message thread with lots of people lamenting, troubleshooting, making recovery attempts, etc.  The data *may* still be there, *may* be recoverable to some degree, but no consensus yet.  I know a lot of us use external storage for all of our stuff, and these things are pretty popular, so if you have one, even if it's been affected, disconnect it now!  Hopefully someone will figure out something soon, preferably something that won't cost individual users lots of $$.
The Best There Is At What I Do......when I have the time.

Offline Panther_Gunn

  • Villains' worst nightmare come true
  • Titans
  • Hero Member
  • Posts: 3844
Re: Western Digital MyBooks wiped!
« Reply #1 on: June 29, 2021, 07:03:50 PM »
Ars Technica did some digging into log files and published an article on the event this morning.  It seems access was gained through a huge (think barn with no door) 3-year old vulnerability (that WD knew about but did not patch, nor alert their customer base, or even registered users.  Seagate patched the same hole in their devices, however), but the theory is that more than one attacker was at play, as someone had password protected the vulnerability itself.  The Factory Reset, however, was another matter.

In what they surmised as an attempt to wrest control of the rooted devices from one attacker to another, or possibly just deny the first access to the assets, a subsequent attacker initiated the Factory Reset command.  Something they shouldn't have been able to do, if the lines that added password protection to the Factory Reset command hadn't been commented out by WD before they even shipped the devices.

From where I stand, it seems there was a couple levels of ineptitude on WD's part.  I would not be surprised at all to hear of legal action against WD in the very near future over this.
« Last Edit: June 29, 2021, 09:07:23 PM by Panther_Gunn »
The Best There Is At What I Do......when I have the time.