CoreTech Blog

CoreTech Blog

CoreTech has been serving the Bowling Green area since 2006, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Vulnerability Leads to the Deletion of All Data on My Book NAS Devices

Vulnerability Leads to the Deletion of All Data on My Book NAS Devices

Nothing is more frustrating than going to log into your device and finding out that you either cannot access it or that files you thought were there have been wiped. Unfortunately, this is the situation that many users of a specific device have recently gone through. Thanks to an unpatched vulnerability, users of Western Digital’s My Book network-attached storage device are suffering from lost files and lost account access stemming from remote access.

The Western Digital My Book NAS device gives users the ability to remotely access their files, even if the NAS device is secured with a firewall or router. Essentially it is a consumer-based external hard drive that you could potentially access from outside your home network. Bleeping Computer reports that some users cannot access their devices due to what appears to be a factory reset, and they received an “Invalid Password” notification upon login. Some users have tried using the default login credentials, too, but to no avail. 

After a little digging on the users’ end, they discovered that their devices received a remote command to perform a factory reset. Bleeping Computer calls this attack an odd one as far as remote attacks go, mostly because the device targeted is secured behind a firewall and communications funnel through the My Book Live cloud servers. This has led some users to believe that the Western Digital servers were hacked, but it is odd that the extent of the damage is only deleted files rather than installed ransomware or other threats.

Although Western Digital is investigating the attack, Bleeping Computer does detail a statement issued by the company, stating the following:

  • “If you own a WD My Book Live NAS device, Western Digital strongly recommends that you disconnect the device from the Internet. ‘At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device,’ Western Digital said in an advisory.”

These WD My Book Live Devices have not received updates since 2015, so vulnerabilities are not entirely unexpected. However, this is more or less a wakeup call for those who have been considering an upgrade for the device. In general, you don’t want to utilize devices that are not actively being supported by the manufacturer, as failing to receive said security updates could result in situations like the one we’ve detailed above. You should also make sure that you are deploying said updates as they are released, as not doing so is the equivalent of using unsupported technology solutions. Remember, it is your responsibility to protect your data!

It’s also imperative that you always store all of your important data on at least two separate devices, or even three for most businesses. Since the device in this case was an external hard drive, hopefully the majority of users were using it as a backup, but we’re afraid that isn’t always going to be the case. Don’t rely on a single drive to store your data!

Need a Hand with Updates and Maintenance?

If your business is ready to start taking its technology updates seriously, CoreTech can help you deploy updates or potentially even upgrade to new hardware to minimize the odds of security issues arising. To learn more about how we can help you keep your infrastructure as secure as possible, give us a call at (270) 282-4926.

Tips to Find a Reliable Printer and Copier Mainten...
More People are Choosing Mobile
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Monday, 23 December 2024

Captcha Image

About CoreTech

CoreTech has been serving the Kentucky area since 2006, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses. Our experience has allowed us to build and develop the infrastructure needed to keep our prices affordable and our clients up and running.

get a free quote

Recent News

Last week, we discussed why X—the social media network once known as Twitter—has been losing many users. Here, we wanted to direct those seeking a move to consider the up-and-coming platform known as Bluesky in case you were one of those jumping ship...

Contact Us

1711 Destiny Lane Suite 116
Bowling Green, Kentucky 42104

Mon to Fri 8:00am to 5:00pm

[email protected]

(270) 282-4926


Nashville Managed IT
Louisville and Lexington Managed IT
Bowling Green Managed IT
Clarksville Managed IT