On Friday, five days into a massive outage impacting its cloud services, Western Digital finally provided customers with a workaround to access their files.
Since April 2nd, the outage has prevented users from accessing files stored on their WD NAS devices, as it required access to the company’s cloud services.
The complete list of services that were down throughout this week includes My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS 5, SanDisk ibi, and SanDisk Ixpand Wireless Charger, together with linked mobile, desktop, and web apps.
While the company said on Sunday, April 2nd, that it was working to restore connectivity and promised to provide updates the next day, a Monday statement thanked customers for their patience but failed to add any details.
Four days later, Western Digital finally shared a temporary solution that helps My Cloud Home, My Cloud Home Duo, and SanDisk ibi users access their files locally.
“The Local Access feature allows you to directly access your personal files from a Windows or MacOS computer that is connected to the same network as your device,” Western Digital said.
“To enable Local Access, use your favorite browser and connect to your device’s Dashboard. Then enable the Local Access feature and create a new Local Access account.”
This knowledge base article provides detailed information on how to toggle on Local Access. Local access is already enabled for My Cloud OS5 (My Cloud PR series and EX series) products.
My Cloud outage follows recent security breach
This massive and ongoing My Cloud outage follows the disclosure of a network breach on Monday, April 3rd, discovered by Western Digital more than a week earlier, on March 26th.
An incident investigation involving external security and forensic experts is still in the early stages, and the company said it’s also coordinating efforts with law enforcement authorities.
Based on evidence discovered so far, Western Digital believes that the attackers gained access to some of its systems and obtained data from its network.
While the company is yet to link this week’s outage with the recently disclosed security breach, it did confirm on Monday that it took “systems and services offline” to secure “business operations” and said it’s working to “restore impacted infrastructure and services.”
BleepingComputer reached out to Western Digital several times since the outage started to ask if there’s a link between the breach and the My Cloud service interruption, but we only received a reply on Friday when we were told that our message wasn’t delivered.
“We are experiencing a network service outage and your message has not been delivered. When services are restored, your message will be delivered to the intended recipient. Thank you for your patience,” the email reply read.
My Book Live devices wiped clean in 2021 attacks
This isn’t the first time Western Digital customers lost their data, with attackers scanning for Internet-exposed and out-of-support My Book Live and My Book Live Duo NAS devices worldwide in June 2021 to factory reset and remotely wipe them clean to destroy all data.
The threat actors are believed to have targeted an unauthenticated factory reset vulnerability tracked as CVE-2018-18472.
“In some cases, the attackers have triggered a factory reset that appears to erase all data on the device,” the company told BleepingComputer at the time.
While customers expressed concerns that Western Digital’s servers were hacked to push out remote factory reset commands to all affected devices, the company denied the rumors and said that its network had not been breached.
“Our investigation of this incident has not uncovered any evidence that Western Digital cloud services, firmware update servers, or customer credentials were compromised,” Western Digital said.
Source: www.bleepingcomputer.com