More than one exploit was likely used to delete data from users’ WD My Book Live NAS drives last week, according to a new report from Ars Technica.
While WD initially pointed to a known exploit first uncovered back in 2018 that allowed bad actors root access to My Book drives, it seems there’s more to the story.
Ars Technica says that while this second exploit doesn’t give hackers full control over the device, it allows them to remotely wipe the drive without knowing the password. This vulnerability was first introduced in 2011 and could have been fixed, but, according to Censys analysts, the authentication step was deactivated, so WD’s software doesn’t authenticate when performing a factory reset on the drive.
It’s unclear why hackers would want to reset a bunch of NAS drives, but according to Ars Technica, it could have something to do with a somewhat wild fight between different hacking groups and botnets.
WD has a full analysis of the exploit up on its website. It’s unclear if there are any plans to fix the problem, though it does say that it will provide affected customers free data recovery services and a trade-in program for a new version of the drive that still receives software support.
With all of this in mind, if you own an older WD NAS drive, it’s likely a good idea to disconnect it from the internet to prevent your data from mysteriously disappearing.
Source: Ars Technica, WD, Censys