Hackers are remotely erasing internet-connected WD My Book Live Hard Drives

Published Jun 27, 2021

No headings found

Owners of Western Digital (WD) My Book Live hard drives are claiming that a remote data wipe has totally erased their storage devices. The WD My Book is a network-attached storage device, and the WD My Book Live app allows users to remotely access and controls their devices. The firm believes the device's internet connectivity was the major cause of the remote data wipe.

WD My Book Live Hard Drives remote data wipe:

WD My Book Live devices range in storage size from 2TB to 24TB. Users on the Western Digital forums have reported that their data has been completely wiped. Even when they attempt to log in and access their disk, the remote management dashboard shows "Invalid password."

User reports

One of the users of My Book wrote that “It is very scary and devastating that someone can do a factory restore on my drive without any permission granted from the end-user”.He also included a section of his system log, which clearly shows a factory reset at 3 p.m. on June 23rd.

Following him, other people claimed that the same thing happened to their drive. Further, when they checked their system log, the same factory reset command has been used on the drive.

Also Read:
- ICT Award 2021 opens online nominations for 11 diverse categories
- Realme Smart TV Full HD 32” launched with 24W Dolby Audio speakers

Western Digital Replies

According to a WD community post, the affected drives include WD My Book Live and WD My Book Live Duo. They were initially introduced in 2010, and the most recent firmware upgrade was in 2015. However, the firm has not revealed how many of them are now in use. Moreover, WD confirmed on its website that the devices' internet access was what allowed them to be remotely erased. Further, the company added that the access was gained either through a direct connection or by port forwarding, which was activated either manually or automatically via UPnP. Additionally, logs on some devices reveal that a trojan named “.nttpd,1-ppc-be-t1-z” was running on the device. It is a Linux ELF binary compiled for the PowerPC architecture and is used by the My Book Live and Live Duo.

Temporary solution

At the moment, the company advises customers to disconnect the My Book Live drives from the internet. Besides this, the company said that some individuals were able to recover data using the data recovery tool. Thus, Western Digital is looking into the efficiency of these solutions.

Meanwhile, check out our camera comparison of IQOO 7 vs Realme X7 Max vs Mi 11X.

Article Last updated: June 27, 2021

Best Tech Deals

No Active Polls

There are currently no polls available. Check back later for new polls to participate in!

Polls will appear here when available

How did we do with this article?

Conversation

We’d love to hear your thoughts! Let's keep it respectful and on-topic. Any inappropriate remarks may be removed. Happy commenting! Privacy Policy

Be the first to share your thoughts-start the conversation!

Latest Articles

Best Tech Deals

No deals available.

Check back later for exciting deals!