WD MyCloud WDBCTL0060HWT noob security Qs

Hello, first post here, so I hope it won’t get bashed too much :)
Okay, so I just received a second-hand WD My Cloud 6 TB (WDBCTL0060HWT-EESN). I was reading through the community and the “Latest firmware still vulnerable” thread and a couple of security articles. My device came with v04.05.00-320 already from the previous owner, and my first actions were to set Cloud Access to disabled, change the device network name, run “Quick Restore”, and set a user password. I’d like to get your opinion on the following things:
Q1) Is this sufficient to consider the device “factory-clean” in case it faced a security breach earlier in its life? I noticed after the Quick Restore that the device has 1.5GB “Other” on the Home → Capacity graph. Is this normal for an empty device?
Q2) Does firmware v04.05.00-320 have all the open issues listed for v02, or are the most critical problems fixed in v4?
Q3) I could not find any information about encryption of the drive… Is this possible? If I get it right, with the “4 Second Reset (Reset with Power On)” procedure described in (Steps to Pin Reset and System Only Restore a Single-Bay My Cloud OS 3) anyone with physical access can reset the admin password and hijack the device… Also no option to encrypt the disk drive. Meaning in case of physical theft it is a matter of under 1 minute to get full access. Is this correct?

Thanks and looking forward to your answers.

Regards,
Pavel

A Quick Restore (performed through the My Cloud Dashboard > Settings > Utilities section) is supposed to erase all user data and reset the My Cloud settings back to default values. A 4 second reset or 40 second reset is NOT the same as a Quick Restore. The 4/40 second reset only resets certain My Cloud settings; it does not remove user files.

Sometimes the capacity section of the Dashboard Home page is wrong or off. It is entirely possible the previous owner modified the firmware or added hidden folders that might account for the 1.5GB discrepancy in Other.

One suggestion is to download the latest v4.x firmware from the WD Support website and manually update the My Cloud using the Dashboard > Settings > Firmware page. Then perform a “Full Restore”, which may/will take a significant amount of time. A full restore securely erases user data, whereas a quick restore only deletes user data, which may potentially be recoverable.

We are users such as yourself here. Unless someone retests the latest v2.x and v4.x firmware to see if the various vulnerabilities have been patched, we can only go by what WD has claimed. One can read the firmware release notes to see what CVEs have supposedly been addressed.

The “Latest firmware still vulnerable” thread indicated (or links in that thread indicated) that the v4.x firmware is not subject to certain vulnerabilities that affected the v2.x firmware.

Disabling Remote/Cloud Access, and disabling or not enabling FTP is one method of securing the My Cloud. While it will help prevent unwanted access from the internet it doesn’t prevent access from anyone who has access to your local network (both wired and WiFi). Securing one’s network is a multi layered/tiered approach. Once you secure the My Cloud one also needs to ensure their local network, local network router, and all devices on it are likewise secure including up to date with their latest updates (both software and firmware/hardware).

Officially no. The single bay My Cloud units do not officially support drive encryption (hardware or software) through the My Cloud Dashboard or the unit’s firmware/hardware.

Unofficially one can use various third party security software to encrypt files/folders on the My Cloud. One can use the forum search feature (magnifying glass icon upper right) to search for past discussions (there are a couple) on encrypting the single bay My Cloud units.

Yes, anyone who has physical access to the My Cloud (or most consumer grade NAS devices) can reset the device to gain access to content that was configured for restricted access. Or they could simply remove the internal hard drive from the My Cloud enclosure. One could always secure the My Cloud device in an enclosure or safe if they are concerned about someone gaining physical access to the device. Otherwise anyone who has access to the local network or local WiFi also potentially can gain access (either through various unpatched vulnerabilities or through any Public Share).

If one hasn’t done so they should read the My Cloud User Manual (https://support.wdc.com/product.aspx?ID=904) to learn how to create users and secure Shares (set Shares to Private) in addition to setting the My Cloud Dashboard to use a password for access.


V4 firmware is for the gen1 devices, and is an entirely different implementation.

V2 firmware is for the later gen2 devices.

Yes, we know v4 should be more recent than v2, but that’s not how WD have chosen to name things…

And no, you can’t load v2 firmware on gen1 devices, or v4 firmware on gen2 devices…


Thank you for your detailed reply! I will follow your advice to re-import the latest firmware and go for the full reset… I stopped this procedure after I got 2% progress for like 12h… I also fully agree with the statement that security needs to be applied at all levels :)

Thank you - I did not know that … very interesting! :)