Hackers are remotely erasing internet-connected WD My Book Live Hard Drives

    WD My Book Live Hard Drives remote data wipe
    Honor X9b Ad
    Honor X9b Ad

    Owners of Western Digital (WD) My Book Live hard drives are claiming that a remote data wipe has totally erased their storage devices. The WD My Book is a network-attached storage device, and the WD My Book Live app allows users to remotely access and controls their devices. The firm believes the device’s internet connectivity was the major cause of the remote data wipe.

    WD My Book Live Hard Drives remote data wipe:

    WD My Book Live devices range in storage size from 2TB to 24TB. Users on the Western Digital forums have reported that their data has been completely wiped. Even when they attempt to log in and access their disk, the remote management dashboard shows “Invalid password.”

    User reports

    One of the users of My Book wrote that “It is very scary and devastating that someone can do a factory restore on my drive without any permission granted from the end-user”.He also included a section of his system log, which clearly shows a factory reset at 3 p.m. on June 23rd.

    WD My Book Live Hard Drives user reports

    Following him, other people claimed that the same thing happened to their drive. Further, when they checked their system log, the same factory reset command has been used on the drive. 

    Western Digital Replies

    According to a WD community post, the affected drives include WD My Book Live and WD My Book Live Duo. They were initially introduced in 2010, and the most recent firmware upgrade was in 2015. However, the firm has not revealed how many of them are now in use. 

    Moreover, WD confirmed on its website that the devices’ internet access was what allowed them to be remotely erased. Further, the company added that the access was gained either through a direct connection or by port forwarding, which was activated either manually or automatically via UPnP.

    Additionally, logs on some devices reveal that a trojan named “.nttpd,1-ppc-be-t1-z” was running on the device. It is a Linux ELF binary compiled for the PowerPC architecture and is used by the My Book Live and Live Duo.

    Temporary solution

    At the moment, the company advises customers to disconnect the My Book Live drives from the internet. Besides this, the company said that some individuals were able to recover data using the data recovery tool. Thus, Western Digital is looking into the efficiency of these solutions.

    • Meanwhile, check out our camera comparison of IQOO 7 vs Realme X7 Max vs Mi 11X.