Hackers Are Doing Factory Resets on Personal External Hard Drives

Hackers may have exploited a vulnerability in Western Digital's cloud-connected MyBook Live hard drives.
Chris Young

Data storage firm Western Digital's cloud-connected MyBook Live hard drives — trusted by many to hold terabytes' worth of personal and professional files — have been the target of a cyberattack that completely wipes them of all their stored content, a report from Forbes explains.

Though the MyBook device is a physical hard drive, which looks somewhat like an Xbox Series X, it is remotely accessible via Western Digital's My Book Live app. The My Book Live series was released in 2010 and the devices received their final firmware update in 2015.

Owners who were affected by the attack stated that the passwords for their MyBook Live hard drives no longer worked.

As more and more owners started to report the problem on Western Digital's Community forums, it was discovered that the devices had received factory reset commands, none of which were initiated by the devices' owners.

In one of those threads, a user wrote "all my data is gone... I am totally screwed without that data... years of it."

Western Digital urges users to go offline to secure data

In a statement, Western Digital said that "the log files we have reviewed show that the attackers directly connected to the affected MyBook Live devices from a variety of IP addresses in different countries."

"This indicates that the affected devices were directly accessible from the Internet, either through direct connection or through port forwarding that was enabled either manually or automatically via UPnP."

Thankfully, however, Western Digital did state that the hackers didn't seem to have compromised the company's cloud infrastructure. The data storage firm also believes that personal user information was not compromised.

A Bleeping Computer report did state that some of the affected hard drive owners have had success recovering deleted files using PhotoRec, a free data recovery app. The same report states that the vulnerability exploited by the cyber attackers may be one tagged as CVE-2018-18472, which was discovered as far back as 2018.

Though it's too early to say whether it was, indeed, the same vulnerability that was exploited by the attackers, the new attack highlights the potential dangers of publicly disclosing vulnerabilities for devices that are no longer receiving updates.

In its statement, Western Digital recommends that, until further notice, users disconnect any My Book Live and My Book Live Duo hard drives from the internet in order to protect data on the devices from being wiped.