Disconnect WD My Book Live NAS from the Internet immediately

Some network-attached storage from WD has been reset to factory settings, wiping users’ data. Here’s how to protect your WD NAS.

Many Western Digital My Book users are complaining that their devices have been reset to factory defaults. Worse, all of the information on them suddenly disappeared. Whether the cause of the incident was a technical failure or an attack is not yet clear, but we recommend all owners disconnect their My Book Live and My Book Live Duo drives from the Internet, at least until more details from the vendor are available.

What happened to WD My Book Live drives

Log analysis shows that devices received a remote command to reset their settings to factory default, according to Bleeping Computer. That procedure includes a complete wipe of the affected disks.

A message on Western Digital’s support site says the devices were compromised through a remote code execution (RCE) vulnerability. WD support suspects CVE-2018-18472, reported in 2018. Any malefactor who knows the exact IP address of a WD My Book Live device can exploit the vulnerability. Experts assigned the vulnerability a severity rating of 9.8 — critical.

Why My Book Live drives were vulnerable

WD My Book Live drives are network-attached storage (NAS) devices. Popular among home users and small businesses, they support remote access to stored data, as well as backup creation. To work as intended, the devices need a stable Internet connection with access to the My Book Live cloud service.

According to Western Digital’s message, the last time My Book Live and My Book Live Duo devices received firmware updates was in 2015, well before developers could have taken the CVE-2018-18472 vulnerability into account.

Western Digital continues to investigate the incident and promises to release new details shortly.

How to protect data on My Book Live devices

First, disconnect your My Book Live or My Book Live Duo from the Internet as soon as possible. If using router settings to do so is problematic, disconnect the drive from the network physically and then configure the router correctly.

After that, wait for news from Western Digital. The company may find a way to close the vulnerability, or even to restore lost data.

In general, we recommend using Internet-isolated solutions for creating and storing backups of important information. The isolation will prevent you from accessing backups remotely, but it will also prevent anyone else from accessing them remotely.

Some security solutions help you automate backup creation.