Dueling Hackers May Have Wiped the Data on My Book Live Devices, Researchers Say

Image: Western Digital/Gizmodo (Fair use)

About a week ago, many owners of Western Digital's My Book Live external hard drives discovered that their data was gone. The devices were almost certainly the victims of malicious hacking.

Unlike most external hard drives, My Book Live units are wired into a home network through an Ethernet jack, so every device on that network can reach the data stored on them. Western Digital, which makes the drives, immediately issued a statement warning users of a mass exploit and asking them to disconnect their devices in order to prevent further compromise.

There was some confusion about the purpose of the campaign, however. It was not clear why criminals would break into so many storage devices only to erase what was on them. A new theory has since emerged: the product was the victim not of one cybercriminal group but of two.

Ars Technica reported that two security flaws in the My Book Live products allowed attackers to gain access and execute commands that factory-reset the devices, purging all data stored on them.

Western Digital said in its initial statement that attackers had gotten in through a vulnerability discovered in 2018. The company had stopped supporting the product years before that flaw was found. It also said it did not know why the data was being erased: "Although we don't know why the attacker initiated the factory reset, we have a sample of the affected device and will continue our investigation," the company stated at the time.

Researchers at the security firm Censys have offered a possible explanation. They believe one cybercriminal group attempted to seize control of the devices from another. Censys asserts that the evidence indicates one hacking campaign targeted the devices to build a botnet, a large network of compromised devices that can be used to steal data and carry out other criminal activity.

The researchers speculate that a second group then intervened to take control of that botnet.

"This could be a bid by a rival botnet operator for control of these devices or to make them inoperable (it is possible that the username/password are reset to admin/admin, allowing an attacker to take control), or someone trying to disrupt the botnet, which has been around since 2015," the Censys researchers wrote.

The researchers also believe that some odd decisions by Western Digital's own engineers helped make the attack possible. According to them, one of the company's developers commented out (that is, disabled by turning the code into a comment) the authentication check on the endpoint that restores a device to its factory state, which is what ultimately allowed devices to be reset without any credentials. Note that the Censys observation above compounds the problem: a device that has been reset may be sitting on the network with default credentials, so an attacker who can reach it can simply log in and take it over again.

HD Moore, a security expert, told Ars Technica that the vendor commenting out the authentication in the system restoration endpoint "doesn't make it look good. They may have deliberately enabled the bypass. It is quite bizarre."

Whatever is actually going on, anyone who owns a My Book Live should disconnect it from the network immediately.
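The failure mode in the paragraph about the commented-out check, a destructive endpoint that no longer verifies who is calling it, is easy to model. The block below is an added example written for this page; it is not Western Digital's firmware and not code from Censys or Ars Technica. The endpoint path, the helper names (is_authenticated, wipe, unauthenticated_reset_possible) and the single admin account are assumptions made for the illustration. It shows the reset handler with the authentication check commented out beside the same handler with the check restored, together with the regression check a practitioner would want in a vendor's test suite: call the reset endpoint with no credentials and confirm that nothing is wiped.

```python
"""Model of a factory-reset endpoint whose authentication check was
commented out.

Added example, not Western Digital's firmware or Censys's code. The
endpoint path, the helper names and the single admin credential are
assumptions made for this illustration.
"""
import hmac
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# Constructed credential store for the example: one administrative account.
ADMIN_USER = "admin"
ADMIN_PASSWORD = "correct horse battery staple"


@dataclass
class Request:
    """Minimal stand-in for an HTTP request to the NAS web interface."""
    path: str
    user: Optional[str] = None
    password: Optional[str] = None


@dataclass
class Device:
    """Stand-in for the NAS: holds user data until a factory reset wipes it."""
    wiped: bool = False
    data: List[str] = field(default_factory=lambda: ["photos", "backups"])

    def wipe(self) -> None:
        self.data.clear()
        self.wiped = True


def is_authenticated(req: Request) -> bool:
    """Check the supplied credentials against the admin account.

    compare_digest is constant-time, so an attacker probing the endpoint
    cannot recover the password character by character from response timing.
    Both comparisons run before the result is combined, for the same reason.
    """
    if req.user is None or req.password is None:
        return False
    user_ok = hmac.compare_digest(req.user.encode(), ADMIN_USER.encode())
    pw_ok = hmac.compare_digest(req.password.encode(), ADMIN_PASSWORD.encode())
    return user_ok and pw_ok


def vulnerable_restore(req: Request, dev: Device) -> int:
    """Reset handler as it looks with the auth check commented out.

    Anyone who can reach the endpoint over the network wipes the device.
    """
    # if not is_authenticated(req):
    #     return 401
    dev.wipe()
    return 200


def hardened_restore(req: Request, dev: Device) -> int:
    """Same handler with the check restored: no valid credentials, no wipe."""
    if not is_authenticated(req):
        return 401
    dev.wipe()
    return 200


Handler = Callable[[Request, Device], int]


def unauthenticated_reset_possible(handler: Handler) -> bool:
    """Regression check: send the reset request with no credentials and
    report whether the device got wiped. A vendor's CI should fail on True."""
    dev = Device()
    status = handler(Request(path="/api/system/restore"), dev)
    return status == 200 and dev.wiped


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_restore),
                          ("hardened", hardened_restore)):
        exposed = unauthenticated_reset_possible(handler)
        print(f"{name}: unauthenticated reset {'POSSIBLE' if exposed else 'blocked'}")
```

Running the file reports which handler lets an unauthenticated caller wipe the device. The useful part for a vendor is the last function: a test that exercises every destructive endpoint without credentials is cheap, and it would have caught a check that was commented out and never restored.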