Malware blamed for remotely wiping WD My Book Live users' disks

Hard drive maker recommends users disconnect the cloud storage devices from the internet to protect their data.

Steven Musil


Hard disk maker Western Digital said Thursday that some users of its My Book Live cloud storage devices were suddenly losing all their data due to "malicious software" and recommended all users disconnect the devices from the internet.

The issue apparently came to Western Digital's attention through a thread on the company's support forum. The thread, started Wednesday, contained many complaints from users about their data being deleted and device passwords apparently being changed remotely.

"I have a WD mybook live connected to my home LAN and worked fine for years," wrote the user who started the thread. "I have just found that somehow all the data on it is gone today, while the directories seem there but empty. Previously the 2T volume was almost full but now it shows full capacity."

Another user on the thread wrote: "I have lost 4TB of data, this includes all my insurance policies, budgets, the usual 'life admin' as well as all the photos of my children, my wedding, etc., but just as importantly my livelihood. I am an independent consultant and my last 7 months of project work is all gone."

Several users reported on the thread that the data losses appeared to occur around the time that a factory reset was initiated on their devices. "All my data is gone too," one user wrote, saying they had received a dashboard message informing them of the factory reset. "I am totally screwed without that data... years of it."

In response to the complaints in the thread, which was first reported by Bleeping Computer, Western Digital advised My Book Live users to disconnect their devices to safeguard their data while the company investigates the source of the attack. It also said it doesn't believe its servers were compromised.

"Western Digital has determined that some My Book Live devices are being compromised by malicious software," the company wrote in an update to the forum thread. "In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers' data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device. We are actively investigating and we will provide updates to this thread when they are available."

A Western Digital spokesperson went on to say the company has no indication that customers' cloud accounts were compromised in the attack.

"We do not have any indications of a breach or compromise of Western Digital cloud services or systems, or that this impacts other products at this time," the spokesperson said.