Help! All data in mybook live gone and owner password unknown

Did they email you directly, did it look like this?

My emails have been removed

I am pretty sure this is spam relating to the incident? Look at the email address, and the link doesnt appear to go to a valid WD site.

Is this real or part of the compromise?

I have a WD My Cloud, also pretty old. Should I be worried that it might share the same vulnerability? I’ve disconnected the device for now just to be sure.

1 Like

@MikeLanglois my e-mails from WD support have been coming from westerndigital@custhelp.com

Edit: ah, having said that, when I first created a support account I got a confirmation e-mail from wd_en_feedback@mailva.rnmk.com

I don’t think I actually clicked on any of the links in that mail though; I just logged on via the website.

Apparently it was real and a support ticket was made for me. They called me “valued customer” in my support profile thats why it says Dear Valued. I would recommend everyone if they do get an email, to not click the links and go to the support page in their browser though just in case.

The suppprt ticket basically asks for my logs, serial number of device and telling me to unplug the device (around 24 hours after it wiped my data so a bit late)

I will be instigating something. once I’ve picked myself up, focused on any potential recovery, the next thing I will be doing is seeking compensation for all the puking I’ve done in the last 24 hours, make no mistake about it I will certainly be seeking some legal action.

My mybooklive is also wiped :disappointed: lucky I think I’ve backups of most of my stuff, really feeling for those who have lost their data.

Are there any thoughts about longer term options for making use of the MBL (assuming WB won’t update the firmware). Would installing openwrt prevent a reoccurrence of this issue?

Just spoke to customer services. Absolutely nothing more to add other than ‘our engineering teams are actively investigating this issue’.

I would disconnect and backup up Ur data before connecting it all back up again.

Keep us all posted please.

Is this problem also related to other NAS in WD’s product line? I have just ordered a WD My Cloud EX2…

Right now I wouldn’t trust any WD NAS until there is verification that it is safe.

1 Like

One thing I need to find out is if these drives send telemetry to WD in the background. I’m betting that they do. If that’s the case then I would look very sharply at the idea that this could have originated from compromised WD servers.

I’m just struggling to figure out how all these specific drives were being injected with SSL scripts worldwide and it all happening very rapidly, within a space of a few hours. That leads me to suspect that whatever the source was of this attack, it must have already had existing access to these drives since the IP addresses were needed to execute that script.

I find it very concerning to read that some users are reporting that they were hit by this while they had remote features disabled. Although I have a different device, I’m keeping it fully disconnected until we know more

Yep same here. In Australia. Happened exactly at 7.10am on Thursday morning Western Australia Time. I was actually watching it go from blue to yellow led. Was odd so logged in and found it reset.

No idea why but too to a mates and all that he had was rphoto. All the data is there but no file or folder names so that was hard to use given there’s 1000`s of files

Have taken to a pro who’s looking at it now with R studio and he said he’s found superblocks…

Then I saw this just now I’m not the only one! I thought it was me.

I did see logs on my virus firewall showing an increase in attacks in the last few days on that device but didn’t do anything. Was going to disconnect remote access but then this happened before I got the chance.

Pissed but my bad with only backups of partial docs and photos items but lost all my iTunes library and video library.

Feel stupid but definitely expect more from WD.

Is it even worth opening a support ticket? the unit is 9 years old

2 Likes

■■■■: EX2Ultra - and also all data gone!

Photos of router antivirus log attack on WD just before it was commanded to reset

2 Likes

Just had a look at my firewall logs. Nothing since the 1st of April until the early hours of this morning. Since then it has blocked dozens of remote administration attempts. Not sure if this is in any way related but it’s a bit of a worrying coincidence.

I never liked how slow NAS was, how frequently it looses connectivity and had to be reset multiple times but THIS?! WD has a major issue with this “factory reset” and downplays the event limiting it to some unlucky customers. But it looks more and more as massive “Carrington Event” for WD My Cloud users. Very upset, I don’t expect WD to do anything meaningful to resolve this issue. Now I have to rethink the entire strategy of backups, NAS, cloud services etc. The world we all live in is full of nastiness and unreliability. “Thanks”, WD for adding more chaos to our life.

1 Like

same here - all gone - as of this morning june 25th. just default public folders and software and cant login to the UI to erase and reconfigure

Same thing happened to me overnight 23rd /24th June 2021.
Been scratching my head trying to work out what or who had deleted everything. I’d seen the windows 10 references, and noted the date, but had the same problem on smart TV’s so rightly assumed that windows 10 not the problem especially as all had been working fine the day before.
Everything from admin rights to data has disappeared leaving me with what looks like a new device and no option to rewind the clock.
Been running the 2Tb version for several years to across all household devices to support and provide what we thought was a secure RAID back up system with no problems.