Customers who were affected by the My Book Live device attack will be eligible for data recovery services provided by Western Digital and a trade-in program that will allow them to upgrade to a supported My Cloud device.
Western Digital has come forward and proposed a plan of action to help those who lost data in the June 23 attack. Customers affected were using legacy devices in the My Book Liveand My Book Live Duo line. The devices were remotely wiped by a still-unidentified group — or groups — of bad actors. The devices were introduced to the market in 2010 and received a final firmware update in 2015.
The company lists affected devices as follows:
- My Book Live, SKU WDBACG0030HCH
- My Book Live, SKU WDBACG0020HCH
- My Book Live, SKU WDBACG0010HCH
- My Book Live Duo, SKU WDBVHT0080JCH
- My Book Live Duo, SKU WDBVHT0060JCH
- My Book Live Duo, SKU WDBVHT0040JCH
No other devices are believed to be affected by this particular set of vulnerabilities.
Customers who lost data will be eligible for a data recovery service from Western Digital. In addition, customers will also be offered a trade-in program that will allow them to trade up to a currently supported My Cloud Device. Western Digital states that both programs will be available at some point in July, with details being announced in the near future.
A support post that went live on June 30 details what the company has uncovered so far.
Western Digital acknowledges that the My Book Live firmware is vulnerable to a remotely exploitable command when the device has remote access enabled. The company has determined that the vulnerability was introduced to My Book Live in April of 2011 as part of routine maintenance. The problem occurred when the vulnerability failed to be appropriately deactivated.
It is currently believed that attackers directly connected to affected My Book Live devices from various IP addresses across the world. Additionally, attackers could exploit vulnerabilities that allowed them to install malicious binary on the device and then use a second vulnerability to reset it.
Western Digital claims that it has not uncovered any evidence that its cloud services, firmware, or customer credentials were compromised. However, it could be possible that those affected in the attack could have vulnerable devices discovered through port scanning.
Keep up with everything Apple in the weekly AppleInsider Podcast — and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too. If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.
7 Comments
Good! They should step up and help recover the data. They should have the major news outlets do a story telling affected users who have had their data wiped to unplug the device and contact WD. When you have data wiped your chances of recovery go down with every attempt to get the data back unless you really know what you are doing. I can see stories of people who had their buddy, who claims to know how, try to recover the data only to cause more damage.
This is interesting. If the data can be recovered than the drive wasn’t ‘wiped’, that is it wasn’t formatted and overwritten. If the data can be recovered then all that was removed was the directory, and the actual data would be intact.
Good for WD to at least try and make amends. Yet another example of how doing the right thing up front (providing security updates for a drive that they were half-supporting by continuing online access.) would have been so much cheaper both monetarily and I’m terms of cost to their reputation.
Nothing I'm reading here states that WD will be offering a no charge data recovery service nor will the trade-in be overwhelmingly favorable to the customer. Time will tell.