If we do this, and they are able to restore data…how will they restore it if it’s not connected to the internet and/or plugged in?
As long as you know how to log in to your dashboard then this guide will show you how to download the system logs:
Once you log into your dashboard, raise a ticket under “support” (this is self-explanatory) once you’ve detailed the problem then there is the ability at any time to go back to the ticket and attach the files.
I have sent the following wording where I have referred them to this thread - I am keen they understand this is not an isolated incident:
"Today I have woken up to discover that my Western Digital external harddrive (MyBookLive) has been factory reset. I have lost 4TB of data, this includes all my insurance policies, budgets, the usual “life admin” as well as all the photos of my children, my wedding etc but just as importantly my livelihood. I am an independent consultant and my last 7 months of project work is all gone.
Upon investigation, the web GUI is showing a log for a factory reset overnight which has been pushed out by WD without any permissions. I have discovered the below forum thread where it would appear that at least 20 or so WD users have had a factory reset forced on their drives overnight. So far, WD have not responded to my responding to emails, support tickets or twitter posts.
It is very scary and devastating that someone can do factory restore on my drive without any permission granted from the end user. I need a remedy to this issue immediately as this is already incurring a great cost to me. I would also like to know if this has been reported by any other users as I am clearly not alone in suffering this problem today (has there been a malicious attack by a third party? A disgruntled employee?). I need this urgently resolved and restored, or at least find out if I must have my data professionally recovered (at a cost of £600+VAT) as soon as possible. I cannot understate the terror involved here, it is like a house fire, I’ve lost everything."
It’s highly unlikely they will be able to restore your data while the drive is still in the machine. It’s more likely they’ve lost control of the systems that tell the WD Lives what to do and someone bad told them to reset to factory defaults.
Pick your poison. In one hand you have a potentially hostile tiny PC inside your firewall, and in the other you have data that’s already lost on a device that’s “Legacy”.
Ah thanks for the steps. I wasn’t able to access my hard drive through the dashboard as it said my password was incorrect, even after resetting and trying the default password it won’t let me onto the dashboard. I’ll raise a ticket still with what I have, and hoping my data is on there somewhere at least.
Ok I managed to get back onto the dashboard, but its showing 3tb free of 3tb. Come on what is this why would this happen?
Jun 24 00:26:53 MyBookLive factoryRestore.sh: begin script:
Jun 24 00:26:53 MyBookLive shutdown: shutting down for system reboot
Jun 24 00:26:53 MyBookLive logger: exit standby after 9674 (since 2021-06-23 21:45:39.926803414 +0100)
Guess thats when it happened according to my logs
I am unable to raise a ticket under support as I can not log into my dashboard because the password won’t work.
First thing this morning a message flashed up when I tried to access my MyBookLive the said Server Shutting Down. Then could not get into it. I have several years of data on mine as well and really need to find out how I can access it, if it is still there.
I have the same issue - put in a support ticket. Hope we get some info from WD.
I also have same issue. Has been stressing me out all day.
Just found the same problem. Can’t log in via browser or app or desktop client. Whilst I can see the drive via network it’s empty. Not happy.
How do I complete a support ticket if I can’t log in.
I also have the same issue unfortunately and am very concerned. Trying not to think about everything that might be lost. Have just sent a ticket………
For those who lost their files, was your MyBook connected directly to the Internet? Or behind a firewall?
Mine’s behind a firewall.
Same thing happened to me, I logged a ticket and have just added to that ticket with a link to this page.
Doesn’t matter. If the device is programmed to “reach out” to WD for instructions. This is a VERY common method of configuring “Cloud” devices so if you don’t have it blocked in and out you’re still vulnerable to this kind of problem.
Very few (if any?) consumer firewalls stop outbound access to the internet by default. Many consumer routers don’t even have an advanced firewall capable of that kind of traffic management either.
It happens like this.
- WD Device boots and reaches out to a URL (like https://cnc.wd.com?devid=123456679)
- Website returns a response with either “nothing” or a script/command for the device to perform.
- WD Device determines what the return was and either executes the script, notifies the user of an update, etc.
In this case the response from the site could very well have been “Do a factory reset and wipe all data”. Nobody knows at this point, so unplugging it entirely is the safest bet.
This is good point but consumer firewalls should prevent outside world for inititating connection to your device. When the device inside initiates connection as you mention thats another story. I dont think anything else short of unplugging the device from the network would be 100% protection.
This has happened to me also Was working this morning.
Everything gone from public except for Shared Music, Pictures, Videos, Software Folder (all empty) and a .tickel file modified 24/06/2021 20:26
FYI got into the settings after reseting with a blank password, nothing typed in, just clicked login.
Another one here
Seeing the same thing here. Got blanked, new folder creation timestamp is June 23, 5:34 PM Central Time. Unlikely to be the Windows 10 issue someone above linked, as no Win10 system has ever connected to this drive, just a Win7 and Mac machine.
Should consider myself “lucky” that remote access of my MBL has been Disabled some time already due to modem settings and unable to connect to internet. I still have access to my data on the device through local network and Win10 computer.
I did not look to remedy this because of an bad experience with an new WD dualbay NAS last december. Within 24h this device got hijacked and if i would pay some bitcoin to get my data restored.
Did not pay, most of my pictures will stiil on the camera’s/phone so i could recover the important stuff. returned the device to supplier. Learned an lesson not to connect an NAS and stept “back” to old style external backup drive for save keep. The old MBL as an local convenient mirror of this to quickly acces files.
Sorry to say but from now i keep away from NAS devices and WD products.
NAS devices are perfectly fine in general, just stay away from any “Cloud connected” service and use reasonable safety precautions like blocking outbound access and not leaving a drive mapped on your PC.
Mapped drives are common attack vectors from PC’s to NAS devices, so keep that in mind.
Unfortunately we’re at a point in history where the average home user needs to at least have someone available to them who knows a decent amount of networking, and the average home router should have some method to block outbound access on a per-device basis. If yours does not, replace it with one that does.
Just found this article.
Doesn’t look good if I’m honest.