Western Digital Confirms ‘My Book Live’ Drives Are Being Deleted Remotely

Western Digital Confirms ‘My Book Live’ Drives Are Being Deleted Remotely
How Western Digital's My Book Live hard drives were advertised back in the ancient world of 2011, when they were state-of-the-art technology covered by Gizmodo. (Image: Western Digital/Gizmodo, Fair Use)

Western Digital’s popular My Book Live hard drives are being deleted remotely by an unknown attacker, according to the company. And there’s not much anyone can do at this point but unplug their drives from the internet.

“We have determined that some My Book Live devices have been compromised by a threat actor,” Western Digital’s Jolin Tan told Gizmodo early Friday by email. “In some cases, this compromise has led to a factory reset that appears to erase all data on the device.”

But Western Digital assures users the company’s cloud system hasn’t been compromised though the incident is still under active investigation.

“The My Book Live device received its final firmware update in 2015,” Tan continued. “At this time, we are recommending that customers disconnect their My Book Live devices from the Internet to protect their data on the device.”

Users first reported that their drives had been remotely deleted on a WD community thread from June 23 with plenty of horror stories, including one from the creator of the thread who said that their 2 T drive had been completely wiped:

I have a WD mybook live connected to my home LAN and worked fine for years. I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2 T volume was almost full but now it shows full capacity.

The even strange thing is when I try to log into the control UI for diagnosis I was-only able to get to this landing page with an input box for “owner password”. I have tried the default password “admin” and also what I could set for it with no luck. There seems to be no change to retrieve or reset password on this landing page either.

Could anyone help to find what was going on to this drive? I am stuck with emptied data on it now…

Another user said they had years of data deleted:

All my data is gone too. Message in GUI says it was “Factory reset” today! 06/23. I am totally screwed without that data…

Someone else described the experience as “scary”:

This is kind of scary. Exact same issue I was able to reset my password and log into the GUI but all my data is gone.

There is no indication of firmware update. Not sure what to do…

Another user explained how they lost four different network drives, wiped clean:

When I couldn’t access any of the 4 Network drives I created, I went to Network and double clicked on the MyBookLive Icon, which took me to the GUI page. A message popped up in the upper right that said the drive was factory reset. I wasn’t near my computer when this happened as the time stamp was earlier in the day. All WD is going to ask if we created a “Safepoint” which we could then recover the data from the last saved point. There has to be some “User Intervention” on WD’s part for this to happen to more than one person today.

Another user described the experience as looking like a simple error message at first before they realised everything was gone:

Exact same thing has happened to me. Tried to access some files via the iPhone app but got an error message saying “unable to connect”. Assumed it was just a Wi-Fi/network issue but when I tried to access the drive from my PC using a shortcut everything was gone except for (empty) default Public folders: Shared Music, Shared Pictures, Shared Videos and Software.

The time stamps on those folders say they were created at 00:16 (UK time) this morning.

There is also a .tickle file created at 00:17.

I can’t log into the UI on the device as it says my password is invalid.

And there are plenty more. Again, if you have a WD My Book Live hard drive currently connected to the internet, you should unplug it until the company figures out what’s going on.