Is there any indication that this was solely a device reset or were the hackers able to access/copy the data?
It seems that some people had their MBL hit worse than others. Some people report that the admin password was changed after the MBL was reset to factory configuration, and in a few known cases malicious code was injected into the device’s operating system. It is very likely that the attackers did have access to the data on the drives. Whether it was copied or even viewed, nobody can say yet.
My MBL looks like it was just reset, and I haven’t found any evidence of present malicious code in my device. To be safe I reinstalled the latest firmware from 2015, then I did a full factory reset (which takes hours) which overwrites any data on the disk. I also performed a full diagnostic, which also takes a few hours, and all functioned normally.
I am reasonably sure my device does not have malicious code on it, but the problem is I’m not sure if anybody could be absolutely sure either way. These devices were rooted with admin privileges, and that means anything could be possible. Reinstalling the firmware should overwrite any malicious injected code if any were present, however.
