WD My Book Users Unplug Right Now Before You Lose Your Plots

Unlike QNAP devices, which are commonly connected to the Internet and exposed to attacks such as the QLocker Ransomware, the Western Digital My Book devices are stored behind a firewall and communicate through the My Book Live cloud servers to provide remote access.

Some users have expressed concerns that Western Digital’s servers were hacked to allow a threat actor to push out a remote factory reset command to all devices connected to the service.

If a threat actor wiped devices, it is strange as no one has reported ransom notes or other threats, meaning the attack was simply meant to be destructive.

If you own a Western Digital My Book NAS device, it is strongly advised that you disconnect it from the network until we learn more about what is happening.

Update 5:45 PM EST: Western Digital told BleepingComputer that they are actively investigating the attacks but do not believe it was a compromise of their servers.

They believe that attacks were conducted after some of the My Book owners had their accounts compromised.

1 Like

I had no Idea MyBooks had a NAS- or Cloud-Funktion.
Mine are shuckled anyway :slightly_smiling_face:

Apparently this was an attack using a 0-day.

Just to clarify: WD My Book != WD My Book Live

This only concerns Live products. These products a LAN port and NAS/cloud capabilities.

To the best of my knowledge, data on regular My Books is completely safe. Even if they aren’t shucked.