Help! All data in mybook live gone and owner password unknown

I will be instigating something. once I’ve picked myself up, focused on any potential recovery, the next thing I will be doing is seeking compensation for all the puking I’ve done in the last 24 hours, make no mistake about it I will certainly be seeking some legal action.

My mybooklive is also wiped :disappointed: lucky I think I’ve backups of most of my stuff, really feeling for those who have lost their data.

Are there any thoughts about longer term options for making use of the MBL (assuming WB won’t update the firmware). Would installing openwrt prevent a reoccurrence of this issue?

Just spoke to customer services. Absolutely nothing more to add other than ‘our engineering teams are actively investigating this issue’.

I would disconnect and backup up Ur data before connecting it all back up again.

Keep us all posted please.

Is this problem also related to other NAS in WD’s product line? I have just ordered a WD My Cloud EX2…

Right now I wouldn’t trust any WD NAS until there is verification that it is safe.

1 Like

One thing I need to find out is if these drives send telemetry to WD in the background. I’m betting that they do. If that’s the case then I would look very sharply at the idea that this could have originated from compromised WD servers.

I’m just struggling to figure out how all these specific drives were being injected with SSL scripts worldwide and it all happening very rapidly, within a space of a few hours. That leads me to suspect that whatever the source was of this attack, it must have already had existing access to these drives since the IP addresses were needed to execute that script.

I find it very concerning to read that some users are reporting that they were hit by this while they had remote features disabled. Although I have a different device, I’m keeping it fully disconnected until we know more

Yep same here. In Australia. Happened exactly at 7.10am on Thursday morning Western Australia Time. I was actually watching it go from blue to yellow led. Was odd so logged in and found it reset.

No idea why but too to a mates and all that he had was rphoto. All the data is there but no file or folder names so that was hard to use given there’s 1000`s of files

Have taken to a pro who’s looking at it now with R studio and he said he’s found superblocks…

Then I saw this just now I’m not the only one! I thought it was me.

I did see logs on my virus firewall showing an increase in attacks in the last few days on that device but didn’t do anything. Was going to disconnect remote access but then this happened before I got the chance.

Pissed but my bad with only backups of partial docs and photos items but lost all my iTunes library and video library.

Feel stupid but definitely expect more from WD.

Is it even worth opening a support ticket? the unit is 9 years old


■■■■: EX2Ultra - and also all data gone!

Photos of router antivirus log attack on WD just before it was commanded to reset


Just had a look at my firewall logs. Nothing since the 1st of April until the early hours of this morning. Since then it has blocked dozens of remote administration attempts. Not sure if this is in any way related but it’s a bit of a worrying coincidence.

I never liked how slow NAS was, how frequently it looses connectivity and had to be reset multiple times but THIS?! WD has a major issue with this “factory reset” and downplays the event limiting it to some unlucky customers. But it looks more and more as massive “Carrington Event” for WD My Cloud users. Very upset, I don’t expect WD to do anything meaningful to resolve this issue. Now I have to rethink the entire strategy of backups, NAS, cloud services etc. The world we all live in is full of nastiness and unreliability. “Thanks”, WD for adding more chaos to our life.

1 Like

same here - all gone - as of this morning june 25th. just default public folders and software and cant login to the UI to erase and reconfigure

Same thing happened to me overnight 23rd /24th June 2021.
Been scratching my head trying to work out what or who had deleted everything. I’d seen the windows 10 references, and noted the date, but had the same problem on smart TV’s so rightly assumed that windows 10 not the problem especially as all had been working fine the day before.
Everything from admin rights to data has disappeared leaving me with what looks like a new device and no option to rewind the clock.
Been running the 2Tb version for several years to across all household devices to support and provide what we thought was a secure RAID back up system with no problems.

I would still report and open a ticket just to continue to raise the issue up the agenda. I don’t expect any meaningful resolution from them but I will keep bombarding them until I feel like they’re sorry even if it takes 10 years off my life! You’re not alone in feeling stupid, I have so many regrets right now!

Attempt to recover using Stellar Data Recovery was unsuccessful, it found nothing after a full scan. Will look at other methods this evening.

Have made some progress in recovering files…
Removed disk from enclosure
Used a Sata to USB adapter into my Win 10 laptop
Installed Ext2Fsd and mounted the drive
Installed TestDisk and have run photo_rec against the whole disk.

Recovering the files slowly, mostly jpg and mov, not sure how it’ll do with other docs but have seen some non media files coming across.

This is good news. I just dropped mine off with a local shop in hopes that they can recover the data, I figured it was safer than trying it myself! So hopefully they’ll have success.

1 Like