If you haven’t already, stop reading and go yank your My Book Live storage device offline, let you join the ranks of those who woke up on Thursday to find that years of data had been wiped clean on devices around the world.
Western Digital’s My Book storage device is designed for consumers and businesses. It typically plugs into computers via USB. The specific model involved in the data-demolition incident is known as My Book Live: a model that uses an Ethernet cable to connect to a local network. Users can remotely access files and make configuration changes through Western Digital’s cloud infrastructure.
Western Digital is blaming the remote wipes – which have happened even if the network-attached storage (NAS) devices are behind a firewall or router – on the exploitation of a remote command-execution (RCE) vulnerability.