Help! All data in mybook live gone and owner password unknown

I would recommend this with ALL WD ethernet enabled devices until there is some clarity on what has happened. This could be “real bad”.

Hi guys - exactly the same issue here. Please can I ask that everyone raise a ticket in the formal channels at WD? I have created a support ticket through my IP login “support” this morning and submitted my system logs to them (no response so far) and I have tweeted them publically and privately - the more of us that do this, the larger the problem will be for them and the more chance of a speedy resolution.

I’m not going to lie, I have been in tears over this pretty much all day. I started a new job 7 months ago and all my data/work was on here (yes, this was not backed up as I only do back ups every 6 months or so and it’s been busy :frowning: ). I can’t beleive this has happened, it doesn’t seem real, but I will absoutely pursue every avenue I can to get them to at least tell me what they’ve done so I can instruct professional data recovery services (and then I will do all i can to hold them to account as well. P***** off is an understatement).

Please PLEASE raise a support ticket and shout as loudly as you can.

1 Like

Hey Sammie, how exactly do you check your system logs to see what has happened?

I’ve got a support ticket open. Went via the live chat function and one of their advisors suggested a number of things to try but unfortunately none of them worked. I had to disconnect to try the last one (connecting the MyBook Live directly to my PC with an ethernet cable) so the chat ended. I’ve updated the ticket to reflect that this didn’t make any difference and also draw their attention to this thread.

I’ve also now disconnected the device from my LAN and powered it down as per the suggestion above.

If we do this, and they are able to restore data…how will they restore it if it’s not connected to the internet and/or plugged in?

As long as you know how to log in to your dashboard then this guide will show you how to download the system logs:

https://support-en.wd.com/app/answers/detail/a_id/7548?fbclid=IwAR2TUM0jtGluTPQuslzNQ5mLEPoEwvqNpazP6C3psy9j_BEoaufQjRfqoYc

Once you log into your dashboard, raise a ticket under “support” (this is self-explanatory) once you’ve detailed the problem then there is the ability at any time to go back to the ticket and attach the files.

I have sent the following wording where I have referred them to this thread - I am keen they understand this is not an isolated incident:

"Today I have woken up to discover that my Western Digital external harddrive (MyBookLive) has been factory reset. I have lost 4TB of data, this includes all my insurance policies, budgets, the usual “life admin” as well as all the photos of my children, my wedding etc but just as importantly my livelihood. I am an independent consultant and my last 7 months of project work is all gone.

Upon investigation, the web GUI is showing a log for a factory reset overnight which has been pushed out by WD without any permissions. I have discovered the below forum thread where it would appear that at least 20 or so WD users have had a factory reset forced on their drives overnight. So far, WD have not responded to my responding to emails, support tickets or twitter posts.

It is very scary and devastating that someone can do factory restore on my drive without any permission granted from the end user. I need a remedy to this issue immediately as this is already incurring a great cost to me. I would also like to know if this has been reported by any other users as I am clearly not alone in suffering this problem today (has there been a malicious attack by a third party? A disgruntled employee?). I need this urgently resolved and restored, or at least find out if I must have my data professionally recovered (at a cost of £600+VAT) as soon as possible. I cannot understate the terror involved here, it is like a house fire, I’ve lost everything."

1 Like

It’s highly unlikely they will be able to restore your data while the drive is still in the machine. It’s more likely they’ve lost control of the systems that tell the WD Lives what to do and someone bad told them to reset to factory defaults.

Pick your poison. In one hand you have a potentially hostile tiny PC inside your firewall, and in the other you have data that’s already lost on a device that’s “Legacy”.

1 Like

Ah thanks for the steps. I wasn’t able to access my hard drive through the dashboard as it said my password was incorrect, even after resetting and trying the default password it won’t let me onto the dashboard. I’ll raise a ticket still with what I have, and hoping my data is on there somewhere at least.

Ok I managed to get back onto the dashboard, but its showing 3tb free of 3tb. Come on what is this why would this happen?

Jun 24 00:26:53 MyBookLive factoryRestore.sh: begin script:
Jun 24 00:26:53 MyBookLive shutdown[5033]: shutting down for system reboot
Jun 24 00:26:53 MyBookLive logger: exit standby after 9674 (since 2021-06-23 21:45:39.926803414 +0100)

Guess thats when it happened according to my logs

I am unable to raise a ticket under support as I can not log into my dashboard because the password won’t work.
First thing this morning a message flashed up when I tried to access my MyBookLive the said Server Shutting Down. Then could not get into it. I have several years of data on mine as well and really need to find out how I can access it, if it is still there.

1 Like

I have the same issue - put in a support ticket. Hope we get some info from WD.

I also have same issue. Has been stressing me out all day.

Just found the same problem. Can’t log in via browser or app or desktop client. Whilst I can see the drive via network it’s empty. Not happy.
How do I complete a support ticket if I can’t log in.

I also have the same issue unfortunately and am very concerned. Trying not to think about everything that might be lost. Have just sent a ticket………

For those who lost their files, was your MyBook connected directly to the Internet? Or behind a firewall?

Mine’s behind a firewall.

Same thing happened to me, I logged a ticket and have just added to that ticket with a link to this page.

Doesn’t matter. If the device is programmed to “reach out” to WD for instructions. This is a VERY common method of configuring “Cloud” devices so if you don’t have it blocked in and out you’re still vulnerable to this kind of problem.

Very few (if any?) consumer firewalls stop outbound access to the internet by default. Many consumer routers don’t even have an advanced firewall capable of that kind of traffic management either.

It happens like this.

  1. WD Device boots and reaches out to a URL (like https://cnc.wd.com?devid=123456679)
  2. Website returns a response with either “nothing” or a script/command for the device to perform.
  3. WD Device determines what the return was and either executes the script, notifies the user of an update, etc.

In this case the response from the site could very well have been “Do a factory reset and wipe all data”. Nobody knows at this point, so unplugging it entirely is the safest bet.

This is good point but consumer firewalls should prevent outside world for inititating connection to your device. When the device inside initiates connection as you mention thats another story. I dont think anything else short of unplugging the device from the network would be 100% protection.

This has happened to me also :frowning: Was working this morning.
Everything gone from public except for Shared Music, Pictures, Videos, Software Folder (all empty) and a .tickel file modified 24/06/2021 20:26

FYI got into the settings after reseting with a blank password, nothing typed in, just clicked login.

Another one here :cry: