If you haven’t already, stop reading and go yank your My Book Live storage device offline, lest you join the ranks of those who woke up on Thursday to find that years of data had been wiped clean on devices around the world.

Western Digital’s My Book storage device is designed for consumers and businesses. It typically plugs into computers via USB. The specific model involved in the data-demolition incident is known as My Book Live: a model that uses an Ethernet cable to connect to a local network. Users can remotely access files and make configuration changes through Western Digital’s cloud infrastructure.

Western Digital is blaming the remote wipes – which have happened even if the network-attached storage (NAS) devices are behind a firewall or router – on the exploitation of a remote command-execution (RCE) vulnerability. The compromise delivers the data slaughter in the form of a factory reset that “appears to erase all data on the device,” according to Western Digital’s advisory.

It was BleepingComputer’s Lawrence Abrams that first came across the issue being reported on the Western Digital community forum. One user using the handle “sunpeak” said that their folders all had an edit date of June 23 (Wednesday), around 3 p.m. Scores of other forum members confirmed receiving the factory-reset messages, and confirmed the timing.

Sunpeak went on to describe how they discovered that 2T of data – an almost full disk – went up in a puff of smoke, leaving the directories still there but echoing, all emptied out.

“Previously the 2T volume was almost full but now it shows full capacity,” sunpeak said, going on to describe how, upon trying to log in to the control user interface to diagnose the issue, they were only able to get to the landing page shown below, which prompted them to input their “owner password.”

[Image: The WD My Book landing page users saw after their devices were wiped.]

When sunpeak attempted to input the default password “admin,” it didn’t work. Nor did the landing page offer the option of resetting or retrieving the password.

The user wrote that it is “very scary” that a threat actor could perform a factory reset on drives without permission granted by end users.

Sunpeak offered up these entries from their drive’s user.log:

```
Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 MyBookLive shutdown: shutting down for system reboot
Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:30 MyBookLive _: pkg: networking-general
Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav
Jun 23 16:02:31 MyBookLive _: pkg: date-time
Jun 23 16:02:31 MyBookLive _: pkg: alerts
Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive
Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api
```

“I believe this is the culprit of why this happens,” sunpeak wrote.

Years of Data: Now Toast

Some of the wails of pain that arose from Western Digital users on the forum:

“No one was even home to use this drive at this time.”

I’m not going to lie, I have been in tears over this pretty much all day.
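For owners checking their own device, the following is an added example (not code from the article, the forum or Western Digital) that scans a user.log for the pattern sunpeak posted: a `factoryRestore.sh` start, the reboot that follows it, and the packages re-initialised afterwards. The sample input is the entries quoted in the article; the year 2021, the five-minute reboot window and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Sample input: the user.log entries quoted in the article, oldest first.
SAMPLE_LOG = """\
Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script:
Jun 23 15:14:05 MyBookLive shutdown: shutting down for system reboot
Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start
Jun 23 16:02:30 MyBookLive _: pkg: networking-general
Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav
Jun 23 16:02:31 MyBookLive _: pkg: date-time
Jun 23 16:02:31 MyBookLive _: pkg: alerts
Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive
Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api
"""

# "<Mon> <day> <HH:MM:SS> <host> <program>: <message>"
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) ([^:]+): ?(.*)$")

def parse(text, year):
    """Yield (timestamp, host, program, message) for each well-formed line."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or malformed lines
        # These lines carry no year, so the caller has to supply one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        yield ts, m.group(2), m.group(3).strip(), m.group(4)

def find_factory_resets(text, year=2021, reboot_window=timedelta(minutes=5)):
    """Return one finding per factoryRestore.sh start, with correlated events."""
    events = sorted(parse(text, year), key=lambda e: e[0])  # any input order
    findings = []
    for ts, host, prog, _msg in events:
        if prog != "factoryRestore.sh":
            continue
        # A shutdown at, or shortly after, the restore start.
        reboot = next((t for t, _, p, _ in events if p == "shutdown"
                       and timedelta(0) <= t - ts <= reboot_window), None)
        # Packages logged as "pkg: <name>" after the restore began.
        pkgs = [m[len("pkg: "):] for t, _, p, m in events
                if t > ts and p == "_" and m.startswith("pkg: ")]
        findings.append({"host": host, "restore_started": ts,
                         "reboot_at": reboot, "packages_reinitialised": pkgs})
    return findings

if __name__ == "__main__":
    for finding in find_factory_resets(SAMPLE_LOG):
        print(finding)
```

An empty result means no `factoryRestore.sh` entry was found in the text supplied; it says nothing about log lines that were rotated away or erased by the reset itself.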