Multiple WD MyBook users have reported that all the content on their hard drives has mysteriously disappeared.
In a discussion thread that started on 24 June on the Western Digital community forum, hundreds of users have reported that their drives had been completely wiped.
The original post stated: “I have a WD MyBook Live connected to my home LAN and it worked fine for years. I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full but now it shows full capacity.”
The user also stated that upon trying to log into their device, they were met by a landing page asking for the device owner’s password, which returned an invalid password pop-up and did not provide an option to reset or retrieve the password itself.
Western Digital responded on 25 June with a post on its support page, urging users to disconnect their devices from the internet.
Confirming user fears, the company stated that “some My Book Live and My Book Live Duo devices are being compromised through the exploitation of a remote command execution vulnerability. In some cases, the attackers have triggered a factory reset that appears to erase all data on the device.”
According to the support post, some devices were infected by a trojan named “.nttpd,1-ppc-be-t1-z”, which is being investigated by the company.
WD says that none of its cloud services, firmware update servers, or customer credentials have been compromised and that they have acquired a sample device on which they are running diagnostics.
Some users have reported that data recovery tools have enabled them to recover their data.
WD says that it is currently investigating the effectiveness of these tools, but has not yet confirmed an official solution to the attack.