Network-attached storage (NAS) devices are external hard drives with network connectivity. They’re essentially private cloud drives you can set up in your home to access your files remotely. They’re convenient, but if you use a My Book Live and My Book Live DUO NAS drive from Western Digital, you should disconnect it from your wifi immediately to keep your data safe from hackers.
According to widespread user reports, outsiders can use the WD My Book Live app to remotely access the NAS drives. Once they’re in, the hacker steals the saved files and then performs a factory reset that wipes all stored data. Data cannot be recovered following a system reset, making this an especially devastating attack.
Normally, users would expect a security patch to fix an issue this severe. Unfortunately, Western Digital stopped supporting the affected NAS drives in 2015, and the devices have not received a new firmware update since. That explains why the vulnerability existed in the first place, but it also means a patch may never come. According to an official statement on Western Digital’s website:
Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device.
However, Western Digital did not confirm whether it will address the issue with a patch, saying:
The My Book Live device received its final firmware update in 2015. We understand that our customers’ data is very important. At this time, we recommend you disconnect your My Book Live from the internet to protect your data on the device.
G/O Media may get a commission
Users should check their drives immediately. If the dashboard login screen says “invalid password” (and you’ve confirmed you’re using the right login info), it’s possible someone wiped the drive. If you can still log in and your data is still available, you should remove your drive from the network to prevent the attack. While you won’t be able to access the drive remotely, you can connect it directly to your PC or laptop with an Ethernet cable.
- Turn off your computer’s wifi connection.
- Connect the computer and NAS drive with an Ethernet cable.
- Restart your computer.
- The NAS drive’s light should power on and appear in your PC’s storage devices.
- If you run into any issues, consult Western Digital’s support page for troubleshooting help.