Data-Wiping Malware Hit a Large Number of Western Digital ‘My Book Live’ Disks

Published on June 25, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

Users of ‘My Book Live,’ Western Digital’s cloud storage service, are reporting that somehow, their data have been wiped, and their “owner passwords” have been reset. The company confirmed this scary situation and is now officially advising the users to disconnect the cloud storage devices from the internet to avoid data-wiping incidents. The problem appeared to be some kind of malware strain has crept into the company’s update servers, but this was refuted by the hard drive maker.

What this malware does, according to multiple user reports who looked at the logs on their wiped drives, is to send a remote factory reset command on their devices. This returns the drives at their original factory condition - which means empty of all data. Whether or not these files can be restored now depends on how the erasing procedure is done, as well as the type of the hard drive. Possibly, retrieving the lost data will be technically feasible, but we weren’t able to confirm this just yet.

Source: Western Digital

Officially, Western Digital claims that its servers weren’t affected in any way and that the problems result from some user accounts having been compromised by malicious actors. So, according to the company, this is just a stuffing attack that takes over accounts and wipes the connected drives. As WD clarifies, the final official firmware update for the ‘My Book Live’ devices came out in 2015, so this is not coming from them. This statement hardly provides any clarifications about what exactly is causing the wiping, though.

The situation remains ongoing, and the user reports about having their NAS drives wiped keep on coming from all corners of the world. If you are using ‘My Book Live,’ disconnect your device from the internet immediately. If you already had your data wiped, wait patiently for further updates from WD on what to do and how to potentially restore your data. Performing any write/delete actions on these drives will result in replacing the “shadow” entries of the data that could be potentially restored, so for now, don’t touch them.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: