The Western Digital My Book drive hack, which allowed intruders to remotely wipe people’s data, has been found to have used two separate security exploits.
My Book Live and Live Duo devices around the world, which offer internet-connected storage via an Ethernet jack, were remotely accessed and factory reset last week, resulting in the loss of petabytes of data and prompting the company to urge customers to immediately disconnect unaffected drives.
According to Western Digital, the devices were subject to two separate vulnerabilities – one which installed malware, and another that enabled the factory reset.
“The log files we reviewed show that the attackers directly connected to the affected My Book Live devices from a variety of IP addresses in different countries.
“Our investigation shows that in some cases, the same attacker exploited both vulnerabilities on the device, as evidenced by the source IP. The first vulnerability was exploited to install a malicious binary on the device, and the second vulnerability was later exploited to reset the device,” the manufacturer said.
Western Digital will offer free data recovery services to affected customers, as well as trade-ins for My Book Live users to newer supported My Cloud devices.
