A nightmare scenario for personal cloud storage users is playing out right now thanks to malicious actors attacking certain Western Digital connected hard drives. The situation is so desperate that WD support is telling customers to unplug their My Book Live hardware from the internet as soon as possible in order to avert disaster.
According to reports from My Book Live owners on the WD Community forums, multiple users awoke on June 24 to find their drive wiped clean. Some were entirely unable to access their systems while others who were able to regain control found that all of their data was gone. One user summed things up quite succinctly: "I am totally screwed without that data...years of it."
Diagnostics on affected devices appear to show that a factory reset was performed remotely and Western Digital confirms that this is due to malicious software. The company urges you to disconnect your My Book Live or My Book Live Duo from the internet to protect your data (if you're lucky enough to still have it). WD is investigating the cause and will provide updates here in due course.
These devices haven't had a firmware update since 2015, so it's perhaps unsurprising that an exploit such as this exists. It appears as though the vulnerability has been known since 2019, too, so this is a terrible look for a company specializing in the area of data storage. Let's help it does all it can to help those who have lost years' worth of data.