Western Digital External Hard Disks - Warning
Message
From: 27/06/2021 10:37:38
To: 27/06/2021 04:42:10
General information
Forum: Technology
Category: Products
Miscellaneous
Thread ID: 01681595
Message ID: 01681608
Views: 30
>>>>"Western Digital My Book Live users wake up to find their data deleted. Storage-device maker advises customers to unplug My Book Lives from the Internet ASAP. Western Digital, maker of the popular My Disk external hard drives, is recommending that customers unplug My Book Live storage devices from the Internet until further notice while company engineers investigate unexplained compromises that have completely wiped data from devices around the world."
>>>>
>>>>Source: arsTECHNICA - https://arstechnica.com/gadgets/2021/06/mass-data-wipe-in-my-book-devices-prompts-warning-from-western-digital/
>>>
>>>The best writeup I've seen so far is at https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-are-being-remotely-wiped-clean-worldwide/
>>>
>>>Those devices will likely have been behind at least a NAT firewall and not directly accessible from the public internet. So for them to have been accessed remotely it would have to have been through WD's cloud service. From the nature of this event the most obvious cause would be a vulnerability or compromise of the WD cloud service. If WD device passwords were left at the default that might have contributed.
>>>
>>>If the last firmware update for these devices was in 2015 then the WD cloud service must be older than that, which is Stone Age for cloud services. Who knows how much effort WD has put into maintaining and securing it over the years.
>>>
>>>The article https://krebsonsecurity.com/2021/06/mybook-users-urged-to-unplug-devices-from-internet/ shows that "Remote Access" can be disabled if the device hasn't already been reset. Presumably that prevents the device from connecting with the WD cloud. However, given the tendency for consumer devices to "phone home" for telemetry or other reasons (maybe automatic updates?) communications may still be taking place which could provide "back door" remote access. It sounds like good advice to disconnect these devices from Ethernet (or at least internet access) until more is known.
>>
>>That makes a lot of sense what you have written. If you store your backups in the cloud you are always at the mercy of the cloud's security and you need only look at the recent hacks that have happened (the pipeline etc.) to see that probably everyone can get hacked. It probably just comes down to whether it's worth the attacker's time and effort. I feel for the people losing their data, most would not be IT experts and would not have been able to evaluate the risks.
>
>From what I can tell the victims weren't storing their data in a WD cloud. But it seems likely their devices were remotely accessible through WD. It looks like a 3rd-party mediated service similar to LogMeIn, GoToMyPC etc. The data are on their devices but remote communications to them are through WD.

That is about the picture I get from various other sources. In the cacophonic outrage raised by the articles, a few pointed out that with disabled comm to WD, the device was either hard to use or needed features were lost. No way to decide if those were PEBKAC issues or the others had lower level of wishes.

>Your point about not being able to evaluate the risks is well taken. It's a classic example of convenience vs security. It would be interesting to find out if remote access on those devices was enabled by default.

From what I read, it was, including factory set identical pwd - which is not totally wrong if you read the marketing blurb offered with it. If you bought device for the option to access data from anywhere, not only from inside your LAN, it makes sense. If the idea that it was a cheap NAS was not enough to sell, supporting the idea such internet access is as secure as LAN restricted NAS is IMO the "stooopid" part. This should not be seen as part of your normal data and backup routine, but as an area or device where copies are made available.