Alarming Western Digital My Book Live Hack Reportedly Involved Two Dueling Security Exploits
On June 23rd, WD Community Forum user sunspeak created a forum post that would ultimately spearhead the community outcry over the wiping of My Book Live devices. There have now been over 46,000 views and 763 replies on that post at the time of writing, some of which have devolved into fighting whether a company can just "end-of-life" (EOL) a product and not support it when there are glaring security issues. In any case, it seems the unpatched 2018 vulnerability was not the only thing at play here.
It is speculated that the mass-device wiping that occurred “could be an attempt at a rival botnet operator to take over these devices or render them useless, or someone who wanted to otherwise disrupt the botnet which has likely been around for some time, since these issues have existed since 2015.” Whatever the case is, there are still 55,348 WD My Book Live devices across the internet that Censys has detected, many of which are still being compromised by malware and may be wiped soon after. Thus, Western Digital My Book Live owners need to be incredibly careful with their devices and pull them offline, as they are now caught in the destructive crossfire of hackers. Moreover, Western Digital needs to make a move before this spirals out of control entirely, if it has not already.