Help! All data in mybook live gone and owner password unknown

Well, for crying out loud, I woke up this morning to my MBL also not being able to connect, the GUI to login no longer accepts my password, the drive mappings are going, redid them and got remapped, but drives are all empty, absolute years worth of backups, family photo’s all gone, Thanks a lot WD!

I just a password reset and now I can log back into the GUI, but all my data is gone, this truly ■■■■■.

1 Like

TLDR:
I was lucky I had lots already backed up (particularly mp3s).
I can recover a lot of files using DMDE and use the image and video metadata in Windows Explorer to reorganise my collections by date taken.
EDIT - If I hadn’t already opened my device or had a lot already backed up I’d be tempted to wait and see what comes of of the WD offer of data recovery and replacement devices before breaking open your MBL in case that voids whatever they may offer

The Rest:
So I thought I’d chip in where I am at in case my (limited) experiences are useful to others. After it became clear that there was a wider issue I powered down my MBL 2TB and have not powered it on since. I am somewhat fortunate in that I had all our music and photos up until April backed up on removable USB elsewhere so I didn’t have as much skin in the game as many of you so was happy to try stuff without waiting for a solution to settle out of WD or these forums.

I pulled the 2TB single disk out of the MBL and connected it into my desktop PC directly by borrowing the power and SATA cable from the CD ROM.
I downloaded DMDE and ran a full scan of the drive shown in the PC - note I did not try and explore it in Windows so that I wouldn’t get any prompts asking me to format or otherwise. I had about 1TB of data on there. The scan took about 6 hours.
Results:
It found 6 filesystem volumes and a lot of raw files and a few bits of directory structure. I need to open each volume and look through and see what is useful but mostly I’m just going to working from the raw results which group by file extension. The directory structure of the factory reset MBL is there as you would expect, but it has found some old folders with photos in and managed to preserve filenames. I don’t need any of these as they were items I had backed up elsewhere but they would be useful if I didn’t. The raw files found have around 200,000 images (my photo archive only had around 40,000) - some of this is images used on the MBL itself for web pages etc. some of it is multiple copies of the same image from where my photo archive structure was evolved over time i.e. the same photo copied from one location to another. I see the same for documents. I have multiple copies of the same document listed, generally with increasing file sizes which corresponds to all the versions that have been saved through time.

What next for me:
As I had backups to rely on I will probably be fine with the free version of DMDE which is limited to recovering - I think - 4000 files at a time. If I needed more I’d probably pay for the next version as it seems reasonable.
If I only target restoring file sizes between 400Kb and 20MB for images that will take out a lot of the thumbnails and corrupted files and that probably hits the average filesizes for our phones and DSLRs
All the filenames here are gone, however when restored a lot of the image data is still useable - i.e. In windows explorer → view → details If I add the data taken field to those shown (it is not by default) then I can sort all the photos by date and that will help me to fairly quickly find what I am missing. There are some that don’t have that information on but these appear to be either corrupted in some way (e.g. a 175MB file) or thumbnails created from an original image hopefully elsewhere.
Due to a fault in my backups I didn’t have a lot of home movies of the kids backed up so I’ll have to trawl through everything but these also mostly have the Media Created field populated so again I can sort by date to organise.
I didn’t have many documents stored on there which is fortunate as these will be the most painful to sort out, but did have some of the kids short stories that they had written. Luckily there are only a few hundred files to go through so I can do that in slower time.

So to those of you that are worried about the prospect of 10000s of files with random filenames, you might find that the file metadata gives you a quick way to reorganise your collections. For me I don’t care if my files are called DSC***.jpg or f****.jpg but I want to try and rebuild my folder structure which was largely organised around dates anyway and I can do that by sorting in explorer and dragging back a new dated folder.

I don’t need to sort my mp3s back again but if I did then similarly in Windows Explorer the artist, album and title fields are populated for my bought mp3s so I could use that to help rebuild my collection structure.

onther question: if I used in a non mirrored way but as 4TB storage drive, there must be somthing like a raid “overhead”. how can i restore this “overhead” if i connect both drives at the same time.
is that easily done?

Disappointing that the first warning email I received from WD was 26th June, yet in my case the attack was 24th June (while I was travelling). Sincerely hoping they stick to their promise of data recovery services.

That makes sense, but I’m also curious about why some people seemingly had less-destructive attacks than others. For example, my MBL was simply reset to factory configuration; there was no new password added, and as far as I can tell by reading the logs, no malicious code was injected into my MBL.

Does anybody know for sure if reinstalling the firmware would overwrite/remove any malicious code on the device? I don’t think I have any malware on my MBL, but I reinstalled the latest firmware just to be safe.

Hi - Hope this helps others but I was able to recover most of my photos from the My Book Live using the Photo Recovery software from Stellar (link here) Photo Recovery Software to Recover Deleted Photos - Stellar Official Site

I have the MyBook Live 3Tb and was affected by this issue. After scouring the internet for data recovery solutions (as I have years of photos on the drive) and testing a few of them I found success with the solution from Stellar (The review from TechRadar also helped…). It managed to find and recover about 1Tb of photos and videos from the drive.

Steps I took:

  • Couldn’t log into the drive via the WD app (failure) or via the browser (asked for owner password which was different to what it should have been)
  • Reset the drive via the button at the back for about 10 secs
  • Logged in via the browser (from memory the owner password is now blank) and saw that my shares were all gone along with the data. The bar at the bottom showed the drive with 90% free space
  • Removed the harddrive from the MyBookLive casing after watching some videos on Youtube and put it into a USB enclosure.
  • Used the Stellar Photo Recovery software demo which detected the drive as removable media
  • Scanned the drive using the default settings (The quick scan version), this took about 12-13 hours in total.
    Whilst it was scanning it was previewing some of my files and started building a file list so I could see it was working (see here: image_2021_06_29T10_43_26_232Z
  • After the scan was completed I could see most of the files in the app and then acquired the software key so I was confident it was ’ try before you buy’
  • You select a location to restore the files to and after a few hours its there again! Just make sure you select a different harddisk and don’t restore it to the MyBook Live drive to avoid corrupting it
  • I now have about 1Tb of data to sift through which is all photos and videos. Note: so far I have found the original filenames are gone, some of the images are corrupt (only half of it loads), or are smaller (thumbnail sizes) but this is by far the exception and the majority is all good. Considering I thought everything was lost and now I have a lot of the stuff back this is a win in my book.
  • I’ll let you know how I get on if anyone is further interested but besides removing the harddrive, this was super easy and non-technical; I even had tech support from Stella Helpdesk team when they realised it was in relation to this WD incident to advise which of their products would be effective, etc which were super helpful and courteous .
  • I also tried their generic Data Recovery app when I saw that the photo recovery app could pick up the data but unfortunately after another 12 hour scan this didn’t work (am still hoping that I could recover my other files from the drive). However I have been advised that the Data Toolkit app that they have is the one I should have used as that supports Linux drives but I have yet to try this but hope it will work.
    Hope this post helps other people in this unfortunate situation as I totally imagine there must be other people who had priceless wedding and anniversary photos on their drives too!
3 Likes

@TruckerJoe My R-Studio just finished a scan of the /dataVolume part of the drive. But I am at a loss as to how to see what it has done !!!
All I get when viewing by extension is this in the Graphics, Picture list. Do you know if I have missed something?

So who’s actually going to take them up on their replacement offer? lol

I am legit excited for the data recovery offer. Side eyeing the offer of new cloud devices.

1 Like

I’m sure mine was partitioned into more parts than a single drive. When I get home in a few hours I’ll have another look into it and post back.

I’m feeling the same way. Would sooner take them up on a full data recovery. Unsure about a replacement yet. But I did have to contact them for more info. The only information I have had about the problem is via this thread. No communication from WD at all.

If your MBL says “only 3G used” in the UI, what’s the chances of them being able to recover all your data.

I still dont get the vulnerability report regarding the Remote Access.
Is that the culcript?
Call me stuborn but now they offering some trade deal is not going to work for me.

I need to know how to block just internet traffic on this thing, or at least test if I can be reached even if I was not hit initially and all ports are filtered according to np command on Google Cloud machine.

Anyone knows about how to test this?
Thanks!

PS: it just doesnt make sense to say “disconnect from internet” as a solution, thats too wide…

I think if you registered your product you’ll get emails otherwise nothing.

Does anyone know if our data was compromised? Was it uploaded from the drives or just erased? The information from WD does not say one way or the other.
Thanks.

In case you are concerned about other products and services from Western Digital, our investigation of this incident has not found any evidence that our cloud services, firmware update servers, or customer credentials were compromised. The vulnerabilities being exploited are limited to the My Book Live devices, which were introduced to the market in 2010 and received a final firmware update in 2015. These vulnerabilities do not affect our current My Cloud product family.

For more information, please see:

1 Like

I got a notice in email this morning that as of July 1 they will be doing recovery.

1 Like

It was that long ago I honestly couldn’t say

Backup vs archive etc.

There seems to be a lot of confusion over the proper usage of the term backup.

A Backup of files is a COPY to another physical medium. If you then delete the original files, you no longer have a “backup”. Your original backup is now your only copy and it is now more properly defined as an Archive. You should NEVER have needed / critical files to be only on One device.NEVER EVER.

My MBL was wiped, but it was only one of 6 backup copies of my original files which are still on the ThinkPad’s internal drives. I was able to reset in, copied some of the wiped files back to it, and then disconnected it and powered it off.

I never registered the MBL but since registering and posting here, WD had emailed me twice about this disaster so they are definitely monitoring this thread.

2 Likes

I’ve not been hit, and thankfully I have full backups on drives & a mirrored 6GB EX2.

Depending on what they offer in the MBL trade in they announced today, I might be tempted if the price is reasonable.

They should just make the drives LAN only via a patch and problem solved. Ridiculous really.

If they want silly money on the trade in I might buy a new enclosure & stick the 3TB drives in a new setup. Possibly a QNAP.

TBC. Your move WD.

4 Likes

A novice question, can one just format this drive as a normal drive if you remove it from the WD case and connect to PC as a normal HD?

1 Like