Western Digital My Book Users Report for NAS Servers Worldwide All your information has been removed remotely and without consentAnd the Picks sleeping computer.
A book NAS allows users to access their information and manage device access with a simple application. However, on Friday, users discovered that their servers had been reset to factory settings, resulting in file loss. In addition, they cannot access their device, neither in the app nor through the browser, using the “invalid password” screen when they try to access it. Even when trying the default password, the NAS denied user access, according to a user who shared his experience on WD . Forums.
On the same forums, another user reported that they found in their activity logs that a remote restart command was sent to their device around 3am and all through the early morning:
Jun 24 00:26:53 MyBookLive factoryRestore.sh: Start text:
Jun 24 00:26:53 MyBookLive shutdown: shuts down to restart the system
Jun 24 00:26:53 MyBookLive recorder: Exit from standby after 9674 (since 06-23-2021 21:45: 39.926803414 +0100)
However, the strangeness of the situation explains it sleeping computer, is that the WD My Book NAS is connected to the Internet, but it is stored behind a file Firewall And communication through My Book Live cloud servers, control system, to provide remote access. So this raised concerns that WD servers were being compromised and an attacker sent a factory reset command to all devices connected to the service.
Some users reported that they were able to recover some of their files using the tool Photorek. However, many other people weren’t so lucky in the process.
Western Digital said sleeping computer It is actively investigating the attacks, but also states that it does not believe it was caused by a breach of its servers, and instead is malware:
Western Digital has determined that some My Book Live devices have been compromised by malware. In some cases, this breach led to a factory reset which apparently deleted all the information on the device.
the company itself Recommended in the post Disconnect My Book Live and My Book Live Duo devices from the Internet to prevent data breaches:
At this time we recommend that you disconnect My Book Live and My Book Live Duo from the Internet to protect the information on the device.