WD My Book NAS are being remotely wiped

Ebernanut

[H]ard|Gawd
Joined
Dec 15, 2010
Messages
1,541

WD My Book NAS devices are being remotely wiped clean worldwide


People with WD My Book NAS are finding their NAS storage being remotely deleted, WD claims it's individual accounts that have been compromised but it's apparently happening to quite a few people.

According to the article all remote access goes through WD servers which they bill as a security feature but seems like a big red flag to me even if I did trust them to keep it secure which I don't.
 

Ebernanut

[H]ard|Gawd
Joined
Dec 15, 2010
Messages
1,541
those aren't cost effective to shuck since the NAS itself is quite pricey.
Easystore, Elements, and My Books are the ones that are cheap to shuck when on sale.
I see, I never bothered with any of that because I like to know exactly what I'm getting. I had heard of the My Books being shucked but I probably should have guessed that they have different versions.
 

Zepher

[H]ipster Replacement
Joined
Sep 29, 2001
Messages
18,767
I see, I never bothered with any of that because I like to know exactly what I'm getting. I had heard of the My Books being shucked but I probably should have guessed that they have different versions.
They all have pretty much the same drives in them. The 8TB My Books I shucked the other day were air filled.
My Books have 3 year warranty vs 2 years for the Elements and Easystore. I am not sure what the warranty of the NAS versions are.
And WD won't warranty a shucked bare drive.
 

jmilcher

Supreme [H]ardness
Joined
Feb 3, 2008
Messages
5,277
They all have pretty much the same drives in them. The 8TB My Books I shucked the other day were air filled.
My Books have 3 year warranty vs 2 years for the Elements and Easystore. I am not sure what the warranty of the NAS versions are.
And WD won't warranty a shucked bare drive.
This. The drives in some cases are identical.
And yes the easystore bestbuy models are generally the sought after models when they are on sale, but they are essentially identical even on a hardware level as far as the drive inside is concerned.

I don’t think I’d use their NAS system tho. Sucks for people tho if they are getting wiped.
 

Ebernanut

[H]ard|Gawd
Joined
Dec 15, 2010
Messages
1,541
An update to the hack: https://arstechnica.com/gadgets/202...-bug-to-mass-wipe-my-book-live-devices/?amp=1

Looks like a hacker tried to take control of drives that were already under the control of a botnet. These drives were already compromised, possibly for years, prior to being wiped.
Yeah that's interesting. It's still WD's fault though since both were caused by flaws in their code, whoever thought it was a good idea to remove the code requiring a password to do a remote factory reset shouldn't be working on internet connected devices anymore.
 

1_rick

[H]ard|Gawd
Joined
Feb 7, 2017
Messages
1,972
An update to the hack: https://arstechnica.com/gadgets/202...-bug-to-mass-wipe-my-book-live-devices/?amp=1

Looks like a hacker tried to take control of drives that were already under the control of a botnet. These drives were already compromised, possibly for years, prior to being wiped.
"My Book Live customers will also be eligible for a trade-in program so they can upgrade to My Cloud devices."

I'm sure their newer cloud software is totally better than their older cloud software!
 

ThatITGuy

Gawd
Joined
May 5, 2017
Messages
545
So trade in your security flawed disks that at least only had local copies of your data, for our disk that makes a copy of your data and stores it in our cloud?
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
20,242
Yikes. This could end up being a lawsuit.
This is only happening on devices that were sold over 10 years ago and are EOL ages ago, so really for anyone whose data is that important, they are stupid to be trusting it to a single drive spinning rust ext. for over 10 years really.

It does not justify the issue and what is the cause, but it is a 10 year old device that has not had any updates since 2015.
 

next-Jin

Supreme [H]ardness
Joined
Mar 29, 2006
Messages
6,933
I can only imagine how much this will cost them. It’s possibly millions of devices where data was wiped.
 

Krazy925

Supreme [H]ardness
Joined
Sep 29, 2012
Messages
6,368
This is only happening on devices that were sold over 10 years ago and are EOL ages ago, so really for anyone whose data is that important, they are stupid to be trusting it to a single drive spinning rust ext. for over 10 years really.

It does not justify the issue and what is the cause, but it is a 10 year old device that has not had any updates since 2015.
To let you factory reset without a password check is the most boneheaded thing I’ve ever heard. This will hurt them especially because of how it’s played up in the press.

WD will be fine but it’s still a lot of egg on the face.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
20,242
I agree 100%, but reality is, majority of people who buy external drives will forget about this by tomorrow anyways, and others will either never buy an ext drive again or just go buy another brand, which have had their own issues most likely or will. And those who know better, and want to keep their data for a longer period, are not using 10 year old ext USB drives solely.

People's attention span these days is literally like a few days for "big news"....
 

Ebernanut

[H]ard|Gawd
Joined
Dec 15, 2010
Messages
1,541
And those who know better, and want to keep their data for a longer period, are not using 10 year old ext USB drives solely.
That sounds like victim blaming, personally I'd never use or trust such a device but they shouldn't have the security holes that they clearly do.

They were also released 10 years ago not discontinued 10 years ago like you seem to be implying, considering that you can still buy them from amazon and newegg marketplace vendors I would guess they were still being sold in major stores until fairly recently. On top of that people treat this sort of thing like an appliance where they only replace it if it breaks or no longer meets their needs, they don't think "Hey this thing still works fine but I should check when it was released and get rid of it if it has been 10 years".

WD has been my go to brand for platter drives since Quantum bit the bullet but between this, the SMR thing, and the recent issues with some of their m.2 drives I have to question that.
 

Tsumi

[H]F Junkie
Joined
Mar 18, 2010
Messages
13,504
That sounds like victim blaming, personally I'd never use or trust such a device but they shouldn't have the security holes that they clearly do.

They were also released 10 years ago not discontinued 10 years ago like you seem to be implying, considering that you can still buy them from amazon and newegg marketplace vendors I would guess they were still being sold in major stores until fairly recently. On top of that people treat this sort of thing like an appliance where they only replace it if it breaks or no longer meets their needs, they don't think "Hey this thing still works fine but I should check when it was released and get rid of it if it has been 10 years".

WD has been my go to brand for platter drives since Quantum bit the bullet but between this, the SMR thing, and the recent issues with some of their m.2 drives I have to question that.

People just have too little awareness of cybersecurity in general. Nothing should be public internet facing unless it doesn't matter if it gets compromised (you have to be 100% certain of this) or gets regular security updates. At this point it should apply to old phones as well with what people do on them.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
20,242
These devices are EOL and no updates have been released to them since 2015, if stores are selling them, they are selling an EOL product for this line. I am not victim blaming, but far too many people do not do research on how to keep their data safe until it is too late. This is going to be a wake up call for many people. I do not support WD's crappy coding and this error, but people do need to realize that if they want their data kept safe, they do need to rely on more than 1 single device to do so.
 

Tsumi

[H]F Junkie
Joined
Mar 18, 2010
Messages
13,504
These devices are EOL and no updates have been released to them since 2015, if stores are selling them, they are selling an EOL product for this line. I am not victim blaming, but far too many people do not do research on how to keep their data safe until it is too late. This is going to be a wake up call for many people. I do not support WD's crappy coding and this error, but people do need to realize that if they want their data kept safe, they do need to rely on more than 1 single device to do so.
Yeah, making sure they don't lose critical data requires more than one type of backup. Keeping it secure means staying up to date on best practices. Basic data security should be a mandatory class in high schools nowadays due to how important (and easily abused) digital data is.
 

daglesj

Supreme [H]ardness
Joined
May 7, 2005
Messages
5,437
If I set up any NAS the web facing stuff and media stuff is always switched off. The apps are also uninstalled. Just want the network protocol and file-sharing thanks.
 

Gavv

[H]F Junkie
Joined
Dec 4, 2005
Messages
14,552
People just have too little awareness of cybersecurity in general. Nothing should be public internet facing unless it doesn't matter if it gets compromised (you have to be 100% certain of this) or gets regular security updates. At this point it should apply to old phones as well with what people do on them.

Most can’t tell you what public facing is. People buy things with this expectation that it will be secure and great and never require you to do anything till it dies. I think another user said “appliance” and that fits.

By the time people understand cyber security they will be old and outdated and we will be into the next catchy term.
"My Book Live customers will also be eligible for a trade-in program so they can upgrade to My Cloud devices."

I'm sure their newer cloud software is totally better than their older cloud software!

I had to laugh at this as well. I mean why would anyone with an ounce of sense think this is an acceptable solution?
 

auntjemima

[H]F Junkie
Joined
Mar 1, 2014
Messages
8,469
Most can’t tell you what public facing is. People buy things with this expectation that it will be secure and great and never require you to do anything till it dies. I think another user said “appliance” and that fits.

By the time people understand cyber security they will be old and outdated and we will be into the next catchy term.


I had to laugh at this as well. I mean why would anyone with an ounce of sense think this is an acceptable solution?
Getting free stuff, and more expensive, is a great solution. A solution to be the bad press, that is. Buying happiness is one of the easiest things to do.
 