It looks like there may have been more than one exploit used to cause the mass deletion of data from WD My Book Live NASes last week, according to a report from Ars Technica. When news broke that people were finding that their data was missing, some (including WD itself) pointed to a known exploit from 2018, which allowed for root access of the device. However, it appears as though there's more going on than was initially suspected. If you have one of these devices, you should unplug it from the internet before reading any further - it's clear at this point that your data is at risk if the device is online.

The second exploit, reported by Ars Technica, doesn't give an attacker full control over the device like the other exploit. It just allows them to remotely wipe the device without having to know the password. According to a security advisory from WD, the vulnerability was introduced in 2011, which is only a year after the drives were introduced. Analysts found that there was code that could've prevented the issue, but that it was commented out (or deactivated), so the software didn't run authentication when asked to do a factory reset.

WD says in its post that deactivating the code was intentional, and was due to the company refactoring how authentication was done on the device. However, the company says the exploit was introduced when the refactor failed to add the correct authentication type, resulting in the vulnerability.

So why did hackers factory reset the devices?

The question still remains, though, as to why hackers decided to factory reset the devices. Ars Technica has a wild theory, based on analysis by security firm Censys: the data deletion happened as the result of a fight between hackers, with one botnet owner potentially trying to take over or disrupt another's. One hacker (or group of hackers) was using the known exploit to control the devices for some nefarious purposes. Then, another entity used the unknown remote wipe exploit to erase those devices. It likely would've removed the first entity's access to the hardware - but users' data was caught in the crossfire.
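The failure WD describes, a refactor that left the factory-reset path without an authentication type, is the kind a fail-closed dispatcher and a route audit catch. The sketch below is an added example, not WD's firmware code; the route table, the `Auth` levels and every handler name are hypothetical.

```python
# Added illustration; all names are hypothetical, not taken from WD's firmware.
from enum import Enum

class Auth(Enum):
    NONE = 0    # explicitly public endpoint
    USER = 1
    OWNER = 2   # device owner / administrator

ROUTES = {}     # path -> (handler, required Auth, or None if never declared)

def route(path, auth=None):
    """Register a handler; auth=None models a refactor that forgot the auth type."""
    def wrap(fn):
        ROUTES[path] = (fn, auth)
        return fn
    return wrap

@route("/status", auth=Auth.NONE)
def status(session):
    return "ok"

@route("/factory_reset")    # auth type missing, as in the bug the article describes
def factory_reset(session):
    return "wiped"          # stand-in for the destructive action

def _allowed(required, session):
    # An unauthenticated session carries no "auth" key and ranks as Auth.NONE.
    return session.get("auth", Auth.NONE).value >= required.value

def dispatch_fail_open(path, session):
    """Weak form: a missing auth type is treated as 'no check needed'."""
    fn, required = ROUTES[path]
    if required is not None and not _allowed(required, session):
        return 401, None
    return 200, fn(session)

def dispatch_fail_closed(path, session):
    """Hardened form: a route with no declared auth type is refused for everyone."""
    fn, required = ROUTES[path]
    if required is None or not _allowed(required, session):
        return 401, None
    return 200, fn(session)

def undeclared_routes():
    """Build-time audit: list every route whose auth type was never declared."""
    return sorted(path for path, (_, auth) in ROUTES.items() if auth is None)
```

Running `undeclared_routes()` as a build check turns a forgotten authentication type into a failed build instead of an exposed endpoint.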