WD My Book NAS are being remotely wiped

E

Ebernanut

[H]ard|Gawd
Joined
Dec 15, 2010
Messages
1,909

WD My Book NAS devices are being remotely wiped clean worldwide


People with WD My Book NAS are finding are finding their NAS storage being remotely deleted, WD claims it's individual accounts that have been compromised but it's apparently happening to quite a few people.

According to the article all remote access goes through WD servers which they bill as a security feature but seems like a big red flag to me even if I did trust them to keep it secure which I don't.
 
Zepher said:
those aren't cost effective to shuck since the NAS itself is quite pricey.
Easystore, Elements, and My Books are the ones that are cheap to shuck when on sale.
Click to expand...
I see, I never bothered with any of that because I like to know exactly what I'm getting. I had heard of the My Books being shucked but I probably should have guessed that they have different versions.
 
Ebernanut said:
I see, I never bothered with any of that because I like to know exactly what I'm getting. I had heard of the My Books being shucked but I probably should have guessed that they have different versions.
Click to expand...
They all have pretty much the same drives in them. The 8TB My Books I shucked the other day were air filled.
My Books have 3 year warranty vs 2 years for the Elements and Easystore. I am not sure what the warranty of the NAS versions area.
And WD won't warranty a shucked bare drive.
 
Zepher said:
They all have pretty much the same drives in them. The 8TB My Books I shucked the other day were air filled.
My Books have 3 year warranty vs 2 years for the Elements and Easystore. I am not sure what the warranty of the NAS versions area.
And WD won't warranty a shucked bare drive.
Click to expand...
This. The drives in some cases are identical.
And yes the easystore bestbuy models are generally the sought after models when they are on sale, but they are essentially identical even on a hardware level as far as the drive inside is concerned.

I don’t think I’d use their NAS system tho. Sucks for people tho if they are getting wiped.
 
Tsumi said:
An update to the hack: https://arstechnica.com/gadgets/202...-bug-to-mass-wipe-my-book-live-devices/?amp=1

Looks like a hacker tried to take control of drives that were already under the control of a botnet. These drives were already compromised, possibly for years, prior to being wiped.
Click to expand...
Yeah that's interesting. It's still WD's fault though since both were caused by flaws in their code, whoever thought it was a good idea to remove the code requiring a password to do a remote factory reset shouldn't be working on internet connected devices anymore.
 
Tsumi said:
An update to the hack: https://arstechnica.com/gadgets/202...-bug-to-mass-wipe-my-book-live-devices/?amp=1

Looks like a hacker tried to take control of drives that were already under the control of a botnet. These drives were already compromised, possibly for years, prior to being wiped.
Click to expand...
"My Book Live customers will also be eligible for a trade-in program so they can upgrade to My Cloud devices."

I'm sure their newer cloud software is totally better than their older cloud software!
 
So trade in your security flawed disks that at least only had local copies of your data, for our disk that makes a copy of your data and stores it in our cloud?
 
Krazy925 said:
Yikes. This could end up being a lawsuit.
Click to expand...
This is only happening on device that were sold over 10 years ago and are EOL ages ago, so really for anyone whos data is that important, they are stupid to be trusting it to a single drive spinning rust ext. for over 10 years really.

It does not justify the issue and what is the cause, but it is a 10 year old device that has not had any updates since 2015.
 
I can only imagine how much this will cost them. It’s possibly millions of devices where data was wiped.
 
MrGuvernment said:
This is only happening on device that were sold over 10 years ago and are EOL ages ago, so really for anyone whos data is that important, they are stupid to be trusting it to a single drive spinning rust ext. for over 10 years really.

It does not justify the issue and what is the cause, but it is a 10 year old device that has not had any updates since 2015.
Click to expand...
To let you factory reset without a password check is the most boneheaded thing I’ve ever heard. This will hurt them especially because of how it’s played up in the press.

WD will be fine but it’s still a lot of egg on the face.
 
I agree 100%, but reality is, majority of people who buy external drives will forget about this by tomorrow anyways,. and others will either never buy an ext drive again or just go buy another brand, which have had their own issues most likely or will. And those who know better, and want to keep their data for a longer period, are not using 10 year old ext USB drives solely.

People's attention span these days is literally like a few days for "big news"....
 
MrGuvernment said:
And those who know better, and want to keep their data for a longer period, are not using 10 year old ext USB drives solely.
Click to expand...
That sounds like victim blaming, personally I'd never use or trust such a device but they shouldn't have the security holes that they clearly do.

They were also released 10 years ago not discontinued 10 years ago like you seem be implying, considering that you can still buy them from amazon and newegg marketplace vendors I would guess they were still being sold in major stores until fairly recently. On top of that people treat this sort of thing like an appliance where they only replace it if it breaks or no longer meets their needs, they don't think "Hey this thing still works fine but I should check when it was released and get rid of it if it has been 10 years".

WD has been my go to brand for platter drives since Quantum bit the bullet but between this, the SMR thing, and the recent issues with some of their m.2 drives I have to question that.
 
Ebernanut said:
That sounds like victim blaming, personally I'd never use or trust such a device but they shouldn't have the security holes that they clearly do.

They were also released 10 years ago not discontinued 10 years ago like you seem be implying, considering that you can still buy them from amazon and newegg marketplace vendors I would guess they were still being sold in major stores until fairly recently. On top of that people treat this sort of thing like an appliance where they only replace it if it breaks or no longer meets their needs, they don't think "Hey this thing still works fine but I should check when it was released and get rid of it if it has been 10 years".

WD has been my go to brand for platter drives since Quantum bit the bullet but between this, the SMR thing, and the recent issues with some of their m.2 drives I have to question that.
Click to expand...

People just have too little awareness of cybersecurity in general. Nothing should be public internet facing unless it doesn't matter if it gets compromised (you have to be 100% certain of this) or gets regular security updates. At this point it should apply to old phones as well with what people do on them.
 
These devices are EOL and no updates have been released to them since 2015, if stores are selling them, they are selling an EOL product for this line. I am not victim blaming, but far too many people do not do research on how to keep their data safe until it is too late. This is going to be a wake up call for many people. I do not support WD's crappy coding and this error, but people do need to realize that if they want their data kept safe, they do need to rely on more than 1 single device to do so.
 
MrGuvernment said:
These devices are EOL and no updates have been released to them since 2015, if stores are selling them, they are selling an EOL product for this line. I am not victim blaming, but far too many people do not do research on how to keep their data safe until it is too late. This is going to be a wake up call for many people. I do not support WD's crappy coding and this error, but people do need to realize that if they want their data kept safe, they do need to rely on more than 1 single device to do so.
Click to expand...
Yeah, making sure they don't lose critical data requires more than one type of backup. Keeping it secure means staying up to date on best practices. Basic data security should be a mandatory class in high schools nowadays due to how important (and easily abused) digital data is.
 
If I setup any NAS the web facing stuff and media stuff is always switched off. The apps are also uninstalled. Just want the network protocol and file-sharing thanks.
 
Tsumi said:
People just have too little awareness of cybersecurity in general. Nothing should be public internet facing unless it doesn't matter if it gets compromised (you have to be 100% certain of this) or gets regular security updates. At this point it should apply to old phones as well with what people do on them.
Click to expand...

Most can’t tell you what public facing is. People buy things with this expectation that it will be secure and great and never require you to do anything till it dies. I think another user said “appliance” and that fits.

By the time people understand cyber security they will be old and out dated and we will be into the next catchy term.
1_rick said:
"My Book Live customers will also be eligible for a trade-in program so they can upgrade to My Cloud devices."

I'm sure their newer cloud software is totally better than their older cloud software!
Click to expand...

I had to laugh at this as well. I mean why would anyone with an ounce of sense think this is a acceptable solution?
 
Gavv said:
Most can’t tell you what public facing is. People buy things with this expectation that it will be secure and great and never require you to do anything till it dies. I think another user said “appliance” and that fits.

By the time people understand cyber security they will be old and out dated and we will be into the next catchy term.


I had to laugh at this as well. I mean why would anyone with an ounce of sense think this is a acceptable solution?
Click to expand...
Getting free stuff, and more expensive, is a great solution. A solution to be the bad press, that is. Buying happiness is one of the easiest things to do.
 
You must log in or register to reply here.
Back
Top