Help! All data in mybook live gone and owner password unknown

Did they email you directly, did it look like this?

My emails have been removed

I am pretty sure this is spam relating to the incident? Look at the email address, and the link doesn’t appear to go to a valid WD site.

Is this real or part of the compromise?

I have a WD My Cloud, also pretty old. Should I be worried that it might share the same vulnerability? I’ve disconnected the device for now just to be sure.

@MikeLanglois my e-mails from WD support have been coming from westerndigital@custhelp.com

Edit: ah, having said that, when I first created a support account I got a confirmation e-mail from wd_en_feedback@mailva.rnmk.com

I don’t think I actually clicked on any of the links in that mail though; I just logged on via the website.

Apparently it was real and a support ticket was made for me. They called me “valued customer” in my support profile, that’s why it says Dear Valued. I would recommend everyone, if they do get an email, to not click the links and go to the support page in their browser though, just in case.

The support ticket basically asks for my logs, serial number of device and telling me to unplug the device (around 24 hours after it wiped my data so a bit late).

I will be instigating something. Once I’ve picked myself up, focused on any potential recovery, the next thing I will be doing is seeking compensation for all the puking I’ve done in the last 24 hours. Make no mistake about it, I will certainly be seeking some legal action.

My mybooklive is also wiped :disappointed: lucky I think I’ve backups of most of my stuff, really feeling for those who have lost their data.

Are there any thoughts about longer term options for making use of the MBL (assuming WD won’t update the firmware)? Would installing openwrt prevent a reoccurrence of this issue?

Just spoke to customer services. Absolutely nothing more to add other than ‘our engineering teams are actively investigating this issue’.

I would disconnect and back up your data before connecting it all back up again.

Keep us all posted please.

Is this problem also related to other NAS in WD’s product line? I have just ordered a WD My Cloud EX2…

Right now I wouldn’t trust any WD NAS until there is verification that it is safe.

One thing I need to find out is if these drives send telemetry to WD in the background. I’m betting that they do. If that’s the case then I would look very sharply at the idea that this could have originated from compromised WD servers.

I’m just struggling to figure out how all these specific drives were being injected with SSL scripts worldwide and it all happening very rapidly, within a space of a few hours. That leads me to suspect that whatever the source was of this attack, it must have already had existing access to these drives since the IP addresses were needed to execute that script.

I find it very concerning to read that some users are reporting that they were hit by this while they had remote features disabled. Although I have a different device, I’m keeping it fully disconnected until we know more.

Yep same here. In Australia. Happened exactly at 7.10am on Thursday morning Western Australia Time. I was actually watching it go from blue to yellow LED. Was odd so logged in and found it reset.

No idea why but took to a mate’s and all that he had was rphoto. All the data is there but no file or folder names so that was hard to use given there’s 1000’s of files.

Have taken to a pro who’s looking at it now with R studio and he said he’s found superblocks…

Then I saw this just now I’m not the only one! I thought it was me.

I did see logs on my virus firewall showing an increase in attacks in the last few days on that device but didn’t do anything. Was going to disconnect remote access but then this happened before I got the chance.

Pissed but my bad with only backups of partial docs and photos items but lost all my iTunes library and video library.

Feel stupid but definitely expect more from WD.

Is it even worth opening a support ticket? The unit is 9 years old.

■■■■: EX2Ultra - and also all data gone!

Photos of router antivirus log attack on WD just before it was commanded to reset

Just had a look at my firewall logs. Nothing since the 1st of April until the early hours of this morning. Since then it has blocked dozens of remote administration attempts. Not sure if this is in any way related but it’s a bit of a worrying coincidence.

I never liked how slow NAS was, how frequently it loses connectivity and had to be reset multiple times but THIS?! WD has a major issue with this “factory reset” and downplays the event limiting it to some unlucky customers. But it looks more and more as massive “Carrington Event” for WD My Cloud users. Very upset, I don’t expect WD to do anything meaningful to resolve this issue. Now I have to rethink the entire strategy of backups, NAS, cloud services etc. The world we all live in is full of nastiness and unreliability. “Thanks”, WD for adding more chaos to our life.

Same here - all gone - as of this morning June 25th. Just default public folders and software and can’t login to the UI to erase and reconfigure.

Same thing happened to me overnight 23rd /24th June 2021.
Been scratching my head trying to work out what or who had deleted everything. I’d seen the Windows 10 references, and noted the date, but had the same problem on smart TVs so rightly assumed that Windows 10 was not the problem, especially as all had been working fine the day before.
Everything from admin rights to data has disappeared leaving me with what looks like a new device and no option to rewind the clock.
Been running the 2TB version for several years across all household devices to support and provide what we thought was a secure RAID backup system with no problems.