Western Digital is asking customers to disconnect My Book Live hard drives from the internet to prevent malware from wiping them of data.
Hackers appeared to be taking advantage of a vulnerability first published in 2019. Western Digital stopped supporting My Live drives in 2015, and have not updated their firmware since then.
“Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, this compromise has led to a factory reset that appears to erase all data on the device,” the company wrote Thursday.
The issue came to light as My Book Live and My Book Live Duo users flooded company forums with complaints their drives had failed.
“I am totally screwed without that data…years of it,” wrote one user.
“I have been in tears over this pretty much all day,” wrote another. “I started a new job seven months ago and all my data/work was on here.”
In a post about the issue, Western Digital said they were investigating the problem.
“We understand that our customers’ data is very important. We are actively investigating the issue and will provide an updated advisory when we have more information,” the company wrote.