Attacks Erase Western Digital Network-Attached Storage Drives
Companies and individuals operating older models of Western Digital network-attached storage (NAS) drives suffered from what appears to be an attack that exploited a 2018 vulnerability. The exploit reset the drives to factory defaults and deleted data, according to customer comments and statements made by the company. Western Digital suspects a remote code execution vulnerability affecting My Book Live and My Book Live Duo devices, recommending that customers turn off the drives to protect their data.
Western Digital confirmed that many customers of its WD My Book Live and My Book Live Dio storage appliances suffered compromises through a remote code execution vulnerability. The attack appeared to happen on June 23 and 24, when drives were reset, according to log files posted to the company’s support forum. Following the attack, the default password does not seem to work on the drives, even after the factory reset. One user stated that he had a WD My Book Live connected to a home LAN that operated fine for years, until he found that all of the data on it was gone around June 24.