I still have my data with upnp enabled, auto update off, remote access off, ftp off. Last firmware update 2015
1 Like
I got the shaft as well. 2 TB of my childrenâs pics and videos, DELETED. Memories Iâm hoping i can get back through recovery⊠Their servers had to be compromised.
Not necessarily. Check your router and see if you have UPnP enabled.
Edit: Disable UPnP if it is enabled.
Iâve lost the lot too :(.
Anyone have any idea of what the password gets reset too, or is it a case of having to re reset it to change it?
You may have had a safepoint on the NAS which may be of some benefit. If you have lost data, do not make further changes and do not re-index the drive. It is likely that the data restoration will help recover most or all of your files if no further changes are made to the storage device.
1 Like
Please check your router and see if UPnP is enabled or disabled.
Edit: Disable UPnP if it is enabled.
I feel your pain brother. I had stuff ranging from my kids heartbeat to wedding pics, to everything. I literally broke down when it happened and lost it for a few blaming myself.
1 Like
All data 4 TB gone, business, private, family, schoolwork kids etc. etc⊠A complete disaster. WD apparently does not care about their responsibility to deliver on their promise to offer reliable hardware for storing the most important data of families around the world. Will proceed tomorrow on recovery of data for what is possible and left. Wondering what WDâs the practical story is and their legal one. For sure, their worldwide market share will be down the drain as well. I hope and pray to recover the majority of the data of our family, but then NEVER WD again. NEVER. Saw some articles passing in this community chat about WD hesitation for releasing security patches through the years. They should be hold liable for this cybersecurity event which is disaster for so many families around the globe.
3 Likes
Check and see if your router has UPnP enabled please Marc.
Edit: Disable UPnP if it is enabled.
I hate when IoT goes wrong, but i see the value in charging monthly for IoT services. This money could be used to maintain device firmware and apply patches for x number of years. However, the real failure here is on WD for not communicating to their customers more explicitly to unplug the device years ago; possibly offer an upgrade path, or push a final update disabling cloud connectivity.
Yeah it was enabled
2 Likes
Bonsoir Ă tous, je suis française, jâai eu le mĂȘme problĂšme que vous tous, jâai perdu tous mes fichiers de mon My Book Live (2 to), jâai UPnP qui est activĂ©, jâespĂšre que Western Digital trouvera une solution pour que lâon puisse rĂ©cupĂ©rer nos donnĂ©es. En attendant je lâai dĂ©branchĂ©.
2 Likes
Yeah it was enabled, what is the difference disable or enable ?
1 Like
UPnP disables the security features of your firewall and allows anyone from the internet to access your My Book Live. You should always disable UPnP.
UPnP dĂ©sactive les fonctions de sĂ©curitĂ© de votre pare-feu et permet Ă toute personne sur Internet dâaccĂ©der Ă votre My Book Live. Vous devez toujours dĂ©sactiver UPnP.
Also⊠wiped out on our WD My Book Live. Thankfully, or by divine intervention, I set up a Synology 4TB backup to completely copy all WD data, 50K+ photos, 200 hours of family heritage videos, etc⊠just âbecauseâ. WOW, So glad that I did that. I feel horrible for all of you who have lost everything. May the digital gods smile upon this chaos and restore your data. Good luck to all.
1 Like
@lb666 can you please check your router to see if you have UPnP enabled?
Glad you had backups.
Edit: Disable UPnP if it is enabled.
I had UPnP enabled. I also had âExtended UPnP securityâ enabled, whatever that means.
Have now disabled UPnP for the time being (yes, I know, horses, stable doors etcâŠ)
2 Likes
The flaw used to compromised the drives is nearly 3 years old at this point.
Itâs likely the script that wiped the drive was implanted on these WD devices a long time ago. Possibly to cover the tracks that the script was also uploading private data to hackers. For me that thought is more scary that wiped data.
Extended UPnP Security probably is the feature that allows UPnP clients to only add mappings to their IP. Unfortunately, as you already know, that feature is not helpful in this case. Its name is a misnomer. Even with it, UPnP is quite insecure. Iâm glad you were able to disable it.
