Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The type of malware is not yet know but it’s definitely very damaging.

See the NIST CVE-2018-18472. The NIST score is 9.8 which is critical and attack’s are known to be in the wild.

Users who reset their My Book Live found the disk to be empty with nothing present. Some users with a lifetime of photos were posting on the forum seeking answers. Unfortunately malware tends to be absolutely horrid.

The My Book Live and My Book Live Duo devices received its final firmware update in 2015. We understand that our customers’ data is very important. We are actively investigating the issue and will provide an updated advisory when we have more information.

At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device. It’s advisable to consider a USB backup solution which is less likely to be problematic. Using 3-4 USB disks in rotation can reduce risks of corruption. A modern NAS with 8 disks has more fault tolerance and and it can handle media etc.

Initial reports suggested that the hackers had carried off the attacks using a previously known vulnerability in the devices that was not fixed because WD had ceased selling and supporting them. That hack allowed a hacker to gain root access through a firmware exploit. In addressing the mass loss of data, WD suggested that hackers had taken advantage of the known vulnerability. Suspicion that a further exploit was in action comes from an older defect found a year after the My Book line was launched. In any case, WD has offered to recover the data for impacted users.


The USB hard disk is the most affordable solution. A NAS unit is more expensive but they offer larger capacity. Lately USB sticks have come down in price and offer larger capacity. The studio uses NAS storage as well as USB mostly for cold storage. Hard disks can last 12 months. DVD/BD are durable in media albumens.

3½” hard disks in a gaming box now reach 18TB so installing an extra disk can add options. The gaming box with 9 disks is simply setup as just a bunch of disks (JBOD) which Windows can handle easily. Smaller towers tend to have 4 disk bays and they can be repurposed as a NAS. At the end of the day buying more 3½” hard disks seems to be the best course of action. Important data can be stored on a secondary disk or a network location with Windows File History.