Western Digital's NAS 'My Book Live' is experiencing a phenomenon that all data disappears, officially saying 'Anyway, disconnect the Internet immediately'



The phenomenon that all the data saved in

the NAS 'My Book Live ' of Western Digital (WD) disappears frequently. WD is investigating this phenomenon and recommends that you stop your internet connection until you notify us later.

“I'm totally screwed.” WD My Book Live users wake up to find their data deleted | Ars Technica
https://arstechnica.com/gadgets/2021/06/mass-data-wipe-in-my-book-devices-prompts-warning-from-western-digital/

The large-scale data disappearance phenomenon in 'My Book Live' became clear from the following report posted on the official bulletin board on June 24, 2021.

Help! All data in mybook live gone and owner password unknown --My Book Live --WD Community
https://community.wd.com/t/help-all-data-in-mybook-live-gone-and-owner-password-unknown/268111

The report said, 'My Book Live, which I own, is connected to my home LAN and has been working well for years, but suddenly on June 24th, it had a capacity of 2TB. All the last-minute data has disappeared. Even stranger, when I try to log in to the control UI for diagnostics, I only see a landing page (pictured below) that requires an 'owner password'. I couldn't, I tried the default password 'admin' on this screen or the password I set, but I couldn't log in. This landing page doesn't seem to be able to recover or reset the password. Anyone can help. The content is 'Hmm?' The image of the landing page posted by the reporter is below.



This report has collected 108 replies in 14 hours, many of which are like 'I'm experiencing the same phenomenon.' There was also a heartbreaking shout, 'I had saved 10 years of work and photo data.'

A log posted by a reporter suggests that a process to restore factory defaults was initiated when this symptom occurred. According to this poster, no one was using My Book Live at the time when this phenomenon occurred, and even no one was at home in the first place, and the poster said, 'Someone drives without permission from the end user. It's very scary to be able to restore the factory to factory condition. '

Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 MyBookLive shutdown [24582]: shutting down for system reboot
Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:29 MyBookLive _: pkg: wd-nas
Jun 23 16:02:30 MyBookLive _: pkg: networking-general
Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav
Jun 23 16:02:31 MyBookLive _: pkg: date-time
Jun 23 16:02:31 MyBookLive _: pkg: alerts
Jun 23 16:02:31 MyBookLive logger: hostname = MyBookLive
Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api



In response to a series of phenomena, WD officials said, 'We have determined that some My Book Live devices have been compromised by malicious software. In some cases, this unauthorized access resulted in a factory reset. It seems that all the data on the device has been erased. At this time, we recommend disconnecting My Book Live from the internet to protect the data on the device. We are actively investigating. We will keep you updated in this thread as soon as we have the latest information. ' I asked the user to disconnect My Book Live's internet connection and wait for more information.

Action Required on My Book Live and My Book Live Duo --WD Legacy Products / My Book Live --WD Community
https://community.wd.com/t/action-required-on-my-book-live-and-my-book-live-duo/268147



in Hardware, Posted by darkhorse_log