Western Digital My Book Live owners around the globe reported a total loss of data on their devices.
The company stated that hackers used a vulnerability (CVE-2021-35941) to remotely wipe data from live disks.
Censys, a security firm, and Ars Technica, on the other hand, believe hackers used an undocumented vulnerability in a system_factory_restore file. According to their investigations, Western Digital had commented out a part of the script that would have required a password before executing a factory reset.
A security expert told Ars Technica that the attackers would have to know the format of the script that triggered the reset to exploit the vulnerability. The hack puts Western Digital in a bad light, as if they changed the script on purpose.
Some believe that the attackers originally used the CVE-2021-35941 vulnerability to enlist the devices in a botnet, and that a rival group then used the system_factory_restore flaw to wipe the data from the disks.