fbpx

Your IT Support Experts

We partner with many types of businesses, and strive to eliminate IT issues before they cause expensive downtime.

Home

Stores

About Us

IT Services

Understanding IT

News

Blog

Contact Us

Support

Free Consultation

Interested in seeing what we can do for your business? Contact us to see how we can help you! Sign Up Today

JensenIT Blog

Vulnerability Leads to the Deletion of All Data on My Book NAS Devices

Vulnerability Leads to the Deletion of All Data on My Book NAS Devices

Nothing is more frustrating than going to log into your device and finding out that you either cannot access it or that files you thought were there have been wiped. Unfortunately, this is the situation that many users of a specific device have recently gone through. Thanks to an unpatched vulnerability, users of Western Digital’s My Book network-attached storage device are suffering from lost files and lost account access stemming from remote access.

The Western Digital My Book NAS device gives users the ability to remotely access their files, even if the NAS device is secured with a firewall or router. Essentially it is a consumer-based external hard drive that you could potentially access from outside your home network. Bleeping Computer reports that some users cannot access their devices due to what appears to be a factory reset, and they received an “Invalid Password” notification upon login. Some users have tried using the default login credentials, too, but to no avail. 

After a little digging on the users’ end, they discovered that their devices received a remote command to perform a factory reset. Bleeping Computer calls this attack an odd one as far as remote attacks go, mostly because the device targeted is secured behind a firewall and communications funnel through the My Book Live cloud servers. This has led some users to believe that the Western Digital servers were hacked, but it is odd that the extent of the damage is only deleted files rather than installed ransomware or other threats.

Although Western Digital is investigating the attack, Bleeping Computer does detail a statement issued by the company, stating the following:

  • “If you own a WD My Book Live NAS device, Western Digital strongly recommends that you disconnect the device from the Internet. ‘At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device,’ Western Digital said in an advisory.”

These WD My Book Live Devices have not received updates since 2015, so vulnerabilities are not entirely unexpected. However, this is more or less a wakeup call for those who have been considering an upgrade for the device. In general, you don’t want to utilize devices that are not actively being supported by the manufacturer, as failing to receive said security updates could result in situations like the one we’ve detailed above. You should also make sure that you are deploying said updates as they are released, as not doing so is the equivalent of using unsupported technology solutions. Remember, it is your responsibility to protect your data!

It’s also imperative that you always store all of your important data on at least two separate devices, or even three for most businesses. Since the device in this case was an external hard drive, hopefully the majority of users were using it as a backup, but we’re afraid that isn’t always going to be the case. Don’t rely on a single drive to store your data!

Need a Hand with Updates and Maintenance?

If your business is ready to start taking its technology updates seriously, JensenIT can help you deploy updates or potentially even upgrade to new hardware to minimize the odds of security issues arising. To learn more about how we can help you keep your infrastructure as secure as possible, give us a call at (847) 803-0044.

Tips to Find a Reliable Printer and Copier Mainten...
More People are Choosing Mobile
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Monday, July 26, 2021

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.jensenit.com/

Customer Login

Latest Blog

Cybersecurity is one of those components to an IT strategy that is absolutely critical; you cannot ignore it in today’s age of ransomware and other high-profile hacks. In order to make sure that you are prepared to handle anything that comes your way, you must periodically test your security practices and assess how well your team can prepare for attacks. The question remains as to how often you should do this.

Contact Us

Learn more about what JensenIT can do for your business.

JensenIT
1689 Elk Blvd
Des Plaines, Illinois 60016

Sign up for our Newsletter!

Hey! Before you go, subscribe to our newsletter for IT tech tips and advice!