Reports from a variety of sources are telling a very scary story of owners of Western Digital My Book Live hard drives are having their drives being erased remotely by unknown hackers with a very low chance of data recovery. Western Digital has confirmed that the attacks are occurring, and has advised owners to immediately disconnect their drives from the internet. Which implies that Western Digital has no clue what’s going on and how to stop it.
There is a remote code execution vulnerability that dates back to 2018 under CVE-2018-18472 that is likely the source of the attacks. The fact that this has been out there for three years without being fixed is pretty bad and Western Digital has some explaining to do as to why it wasn’t fixed. I am sure that Western Digital will have an explanation when the inevitable class action lawsuit is filed.
In the meantime if you have one of these drives, you need to unplug it from the Internet right now. For bonus points, I would also suggest backing up the data and move it to another drive that doesn’t expose itself to the Internet. That way all your data remains safe.
Owners Of Western Digital My Book Live Hard Drives Are Having Their Drives Erased By Unknown Hackers
Posted in Commentary with tags Hacked, Western Digital on June 25, 2021 by itnerdReports from a variety of sources are telling a very scary story of owners of Western Digital My Book Live hard drives are having their drives being erased remotely by unknown hackers with a very low chance of data recovery. Western Digital has confirmed that the attacks are occurring, and has advised owners to immediately disconnect their drives from the internet. Which implies that Western Digital has no clue what’s going on and how to stop it.
There is a remote code execution vulnerability that dates back to 2018 under CVE-2018-18472 that is likely the source of the attacks. The fact that this has been out there for three years without being fixed is pretty bad and Western Digital has some explaining to do as to why it wasn’t fixed. I am sure that Western Digital will have an explanation when the inevitable class action lawsuit is filed.
In the meantime if you have one of these drives, you need to unplug it from the Internet right now. For bonus points, I would also suggest backing up the data and move it to another drive that doesn’t expose itself to the Internet. That way all your data remains safe.
2 Comments »