Is my WDMyCloud device being hacked?

I have been feeling intrigued lately because at night, I can hear my device buzzing and clicking as if it were being accessed, but I am positive that none of my computers, mobile devices, etc are actively accessing my unit.
I resorted to unplugging the MyCloud device from the power supply because I am worried that it is under attack from an outside agent (from the internet).

Why does it run at those times? Is this normal, maybe house cleaning or something?
Is my device being accessed without my authorization?

I know there is always a possibility of any device connected to the internet of being hacked, but… is this the case?

Thank you!

How are you sure your local network devices are not accessing the My Cloud at night? Are they physically turned off (powered off)?

The My Cloud has an option to enable “Drive Sleep” through the My Cloud Dashboard, but if one uses the forum search feature, magnifying glass icon upper right, they will find the My Cloud device typically won’t sleep even though that option is enabled; unless one hacks the firmware (via SSH) to disable a number of running indexing services on the My Cloud. Even then the My Cloud may not sleep very much. The sleep issue is one that has been well discussed in this subforum.

Depending on what devices you have on the local network, those devices may be polling the network to see what other devices are connected. For example if you have a Mapped Share the computer may try to poll the My Cloud periodically to ensure the mapped share is still available. Or if a computer with a mapped share comes out of sleep/hibernation it may attempt to connect to the My Cloud, waking the device from sleep mode.

Securing the My Cloud starts by first ensuring you have enabled the password option for the Administrator account of the My Cloud to access the My Cloud Dashboard. That one uses a complex password. That one has created Private Shares and put any sensitive data in those Private Shares and limited User access to those Private Shares. Private Shares and User access is controlled through the My Cloud Dashboard. Disable Cloud Access/Remote Accee and FTP if you do not need it. FTP is insure to begin with (username/passwords sent unencrypted).

Next one should understand that allowing any sort of remote access to the My Cloud using either the My Cloud Cloud/Remote access feature or FTP option within the My Cloud is opening a potential (how ever remote) avenue to exploitation from the broadband/internet side.

Next one would move to their local network and check all connected devices. Any device that connects to the local network is a potential source of attack. If one is using WiFi they need to ensure both the WiFi router is locked down with a strong password (not the router default) and a strong WiFi WPA2 password. Review which devices are connected to the local network through the router’s administration page to ensure no rouge devices are using WiFi. Do not use “guest networks” if at all possible since users tend to leave those open. Do not let any unknown persons to connect to your local network.

Finally, make sure to use good antivirus/anti-malware security software. Keep that software up to date and run full scans regularly. Those with multi bay My Cloud units may be able to add a third party Apps to the My Cloud that scans for viruses/malware. The single bay units do not support third part App modules. But unofficially those who use v2.x single bay My Clouds might be able to add some of those third party modules to their units.

No doubt others will chime in with additional information or suggestions. Also use the forum search feature, magnifying glass icon upper right, to search for past discussions (there are a couple) on the possibility of the My Cloud being hacked.

1 Like

Thank you so very much for your very thorough, kind and enjoyable explanation.

I have already done most of the things you mentioned. Tonight I will make sure that none of my portable devices or computers are connected to the local network or the internet. I guess one of those devices was polling (poking?) the WD device for the availability of the public share.

Thanks again!

I have had a DL series My Cloud for quite a few years, and every so often I hear ir come to life, but it is not hacking – it is doing some sort of maintenance. It could be something simple like updating the internal clock. Anything connected to the internet will likely auto-perform a task once in a while. I don’t fret about it.

Thank you mike27oct!!!