WD knew My Book Live remote execution exposure years ago!

Thank you for your research.

So, who is going to know when the data can be restored or not?

How are they going to notify us?

ARE they going to notify us?

I am a small business owner, and ALL of my business was on my MyBook Live… :unamused:

This user has posted the most detailed information about data recovery: Help! All data in mybook live gone and owner password unknown - #227 by andyman1222

Other users have reported success with Ontrack EasyRecovery and PhotoRec.

Still others have had their hardware evaluated by a professional data recovery firm.

I am a small business owner, and ALL of my business was on my MyBook Live… :unamused:

Sorry to hear that. I hope you’re able to recover some of it. If it’s any consolation, most of us learn about data loss the hard way. (Many years ago, I did too!)

Is the WD Mycloud 4TB on firmware 5.14.105 safe?

Read the WizCase link and come to your own conclusion as this was from 2018.

And would you really want to trust WD after they knew of this in 2018 and did nothing! WD states they value their customer’s data. Their lack of security actions clearly shows otherwise.


It is not a one-time affair; the attack can come every time.
But you can disable UPnP in the router and your NAS and disable remote access.

Additionally, you can fix the security vulnerability yourself. There are only 2 lines of code (!!) that need to be fixed. And WD didn’t care about this tiny fix, just because the product is EOL.
Here is my fix: Help! All data in mybook live gone and owner password unknown - #415 by dracenmarx



I guess the public hasn’t really heard about this yet too much, or doesn’t care?

Well, it is bad Public Relations. WD could have done more to get MyBook customers to upgrade and take seriously that the devices are EOL with no updates nor support. From a corporate point of view WD is a huge company and the consumer market is a few drops in the corporate bucket. WD is not losing large amounts of money for this. WD has pricey lawyers if you want to claim losses on a device EOL over 5 years ago. To be honest, big corporates really don’t care about consumers. We are expendable.


Wow! I am speechless.
On the other hand, I am not surprised. The situation in Germany is that only the computer-news pages write about this hack. The “non-computer” media, newspapers and TV don’t mention it. I am used to that, since Germany is digital stone age.

It hit Forbes, but that’s it AFAIK.

Should we get together and poke them on social media?


Sure, horror stories where a parent lost all their family’s lifetime memories. A contractor who lost all his/her work for six months and now will not be able to collect a single dollar.

Get a bunch of stories like this on social media and there will likely be a class action lawsuit.


Same reason car manufacturers are liable for safety recalls even decades after releasing a car.

WD made ZERO effort to inform customers they NEED to upgrade to a new device and their device’s current network interface disabled. Seagate and other manufacturers have disabled networking on old storage devices after support EOL. WD neglected basic security and failed to inform their customers of the risk present in our dangerous IT world. Seems to me class action lawyers would be drooling over the financial opportunity.

With all the recent ransomware in the news and the focus at the federal level I honestly expect a class action lawsuit to win despite the device being EOL for 8 years and the precedent the manufacturer of EOL equipment is not liable.

There is ample evidence WD ignored informing users which was done as standard practice by their competitors for similar products.


Don’t step on the backup, go to root cause. And the root cause is the OS security config.

If an end user comes across a dead mechanical hard drive inside the MBL, that’s not WD’s fault.
Now if WD let a hole open (behind end users’ backs) that’s on them.
You can tell that to their lawyers…

As I also recall, Windows XP was EOL and unsupported and when Microsoft was aware of a vulnerability a few years back, they released a security patch. Because the hardware might be EOL, a firmware patch by WD could have been offered when this was discovered 2 years ago.

My drive is at Ontrack with a 700 dollar estimate and none of the filenames or folder structures on what they are able to recover are what they were, so there is a huge amount of work to go through and rename/reorganize. Yeah, shame on me for trusting the WD to be the sole source of some of the files that were lost, but shame on WD for not at least sending an email or doing a firmware patch on an issue they knew about 2 years ago. I understand it’s an EOL product, but even Microsoft released a patch to plug a hole in XP, which was also an unsupported EOL operating system.


I’ve written off their products in my mind and will never buy another, and I purchase quite a bit for work. I understand the EOL deal, but to know about an issue 2 years ago and not to even send an email warning registered users? I got an email from them with a warning about the risk… 3 days after my drive was wiped.

Understood, but what about a simple email blast 2 years ago with a warning? How much would that have cut into their profits? They were able to send one this time after many people lost data.

The way I see it, this may cut into their profits with disgruntled users who either pursue a class action lawsuit and/or refuse to spend another dollar on anything with the WD name on it.

Believe me, I don’t think many people would be as upset losing data had a drive encountered a mechanical or board level failure after all these years. What’s upsetting is that apparently they were aware of a vulnerability in their product and didn’t notify registered users with an email a few years ago. But I digress


The fact that they KNEW about this 2+ years ago and did Nothing will be what bites them in the a$$. I’m just not sure how hard a bite it will be… Those who didn’t properly back up their files will not factor in, but the complete loss of use as a working NAS will.