Apparently it was real and a support ticket was made for me. They called me “valued customer” in my support profile thats why it says Dear Valued. I would recommend everyone if they do get an email, to not click the links and go to the support page in their browser though just in case.
The suppprt ticket basically asks for my logs, serial number of device and telling me to unplug the device (around 24 hours after it wiped my data so a bit late)
I will be instigating something. once I’ve picked myself up, focused on any potential recovery, the next thing I will be doing is seeking compensation for all the puking I’ve done in the last 24 hours, make no mistake about it I will certainly be seeking some legal action.
One thing I need to find out is if these drives send telemetry to WD in the background. I’m betting that they do. If that’s the case then I would look very sharply at the idea that this could have originated from compromised WD servers.
I’m just struggling to figure out how all these specific drives were being injected with SSL scripts worldwide and it all happening very rapidly, within a space of a few hours. That leads me to suspect that whatever the source was of this attack, it must have already had existing access to these drives since the IP addresses were needed to execute that script.
I find it very concerning to read that some users are reporting that they were hit by this while they had remote features disabled. Although I have a different device, I’m keeping it fully disconnected until we know more
Yep same here. In Australia. Happened exactly at 7.10am on Thursday morning Western Australia Time. I was actually watching it go from blue to yellow led. Was odd so logged in and found it reset.
No idea why but too to a mates and all that he had was rphoto. All the data is there but no file or folder names so that was hard to use given there’s 1000`s of files
Have taken to a pro who’s looking at it now with R studio and he said he’s found superblocks…
Then I saw this just now I’m not the only one! I thought it was me.
I did see logs on my virus firewall showing an increase in attacks in the last few days on that device but didn’t do anything. Was going to disconnect remote access but then this happened before I got the chance.
Pissed but my bad with only backups of partial docs and photos items but lost all my iTunes library and video library.
Feel stupid but definitely expect more from WD.
Is it even worth opening a support ticket？ the unit is 9 years old
Just had a look at my firewall logs. Nothing since the 1st of April until the early hours of this morning. Since then it has blocked dozens of remote administration attempts. Not sure if this is in any way related but it’s a bit of a worrying coincidence.
I never liked how slow NAS was, how frequently it looses connectivity and had to be reset multiple times but THIS?! WD has a major issue with this “factory reset” and downplays the event limiting it to some unlucky customers. But it looks more and more as massive “Carrington Event” for WD My Cloud users. Very upset, I don’t expect WD to do anything meaningful to resolve this issue. Now I have to rethink the entire strategy of backups, NAS, cloud services etc. The world we all live in is full of nastiness and unreliability. “Thanks”, WD for adding more chaos to our life.
Same thing happened to me overnight 23rd /24th June 2021.
Been scratching my head trying to work out what or who had deleted everything. I’d seen the windows 10 references, and noted the date, but had the same problem on smart TV’s so rightly assumed that windows 10 not the problem especially as all had been working fine the day before.
Everything from admin rights to data has disappeared leaving me with what looks like a new device and no option to rewind the clock.
Been running the 2Tb version for several years to across all household devices to support and provide what we thought was a secure RAID back up system with no problems.