UPDATE: Western Digital hack renders WD My Cloud Home series NAS unusable

Update on 04/07/2023: Western Digital published a KB article which describes how WD My Cloud Home users can enable Local Access to their data. All other cloud services, such as remote access, still aren't accessible.

According to BleepingComputer sources, Western Digital detected unauthorized access to their corporate network on 03/26/2023. At the time of writing (04/04/2023), Western Digital and forensics experts are investigating the scope of the breach. On Sunday, 04/02/2023, all WD My Cloud services were shut down. Since then, it is no longer possible to access WD My Cloud NAS devices via the mobile phone app, as the authentication service for this is located in Western Digital's cloud.

This shutdown is particularly bitter for users of the inexpensive WD My Cloud Home devices: these devices only received the local SMB access feature a few weeks ago. Hence, most users will use access via WD Discovery, which also requires authentication to Western Digital's cloud.

Unless the local login for the WD My Cloud Home has already been set up, which is likely not the case for most home users, WD My Cloud Home NAS devices are unusable at this time. Users can no longer get to their locally (sic!) stored data.

  • WD My Cloud Home prompts for a cloud login.
  • Local logins have only recently become possible and would have had to be set up beforehand.
  • Error message, because the cloud service is not available.

Is my device affected?

All WD My Cloud Home and WD My Cloud Home Duo devices are affected by the complete lockout, unless a local account had been set up before 04/04/2023.

NAS devices based on the My Cloud OS (e.g. WD My Cloud EX2 Ultra) still allow local access via SMB and other file sharing protocols. However, access via the WD My Cloud smartphone or tablet app is not possible with these devices either, as the authentication for this is done in the cloud.

Update 04/07/2023: Enabling Local Access

Western Digital published a support article that describes how Local Access on My Cloud Home can be enabled. Enabling this feature requires access to the WD My Cloud NAS via a local network connection. As with other My Cloud products, Local Access is provided via SMB.

  • Browse to the IP address of the WD My Cloud Home. Then click on "Log in".
  • Now a local login is possible. To do this, fill out the form.
  • When logging in, a confirmation email is triggered directly to confirm the user's login.
  • In the mail, click on "Confirm email address". Then return to the browser and click "Check verification status".
  • On the settings page at the very bottom, turn on Local Network Access.
  • A popup appears where a local user can be created.
  • After activating the local user, the username of this user can be seen below.
  • Now open the Windows Explorer and access the NAS via SMB using \\[IP address of the NAS].
  • Double-click on a share to open it.
  • Enter the login data of the local user just created and access the data.

Urgent access needed?

WD My Cloud Home devices contain one or two standard 3.5 inch SATA hard drives. These carry an ext4 file system, which can be read by common Linux operating systems.

However, the data is not neatly arranged in directories but in a REST file structure. The filenames are randomly chosen GUIDs. The same applies to the directories. The key to this data chaos is a SQLite database which allows the app to display logical file paths.

A Python script from Springfield Data Recovery can “bend” the data back into a readable file structure. The script can be found on GitHub.
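How an index of this kind can be resolved back into logical paths, as an added example that is neither the Springfield Data Recovery script nor code from this article. The table and column names (`files`, `id`, `parent_id`, `name`, `content_id`), the `guid-000x` blob names and all sample rows are assumptions constructed for illustration; the real layout has to be read from the SQLite file on the disk.

```python
import sqlite3

def safe(name):
    # Names come from an untrusted disk: neutralise separators and dot-entries
    # so a crafted row cannot place a file outside the recovery directory.
    name = name.replace("/", "_").replace("\\", "_")
    return "_" if name in ("", ".", "..") else name

def build_sample_index():
    # Constructed stand-in for the NAS index database (hypothetical schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files (id TEXT PRIMARY KEY, parent_id TEXT,"
               " name TEXT, content_id TEXT)")
    db.executemany("INSERT INTO files VALUES (?, ?, ?, ?)", [
        ("d1", None, "Photos", None),            # directories have no blob
        ("d2", "d1", "2023", None),
        ("f1", "d2", "beach.jpg", "guid-0001"),
        ("f2", None, "notes.txt", "guid-0002"),
        ("f3", "gone", "orphan.bin", "guid-0003"),   # parent row missing
        ("f4", "d1", "../evil.txt", "guid-0004"),    # hostile name
    ])
    return db

def logical_paths(db):
    # Map each on-disk blob name (content_id) to its logical path.
    rows = {r[0]: r[1:] for r in
            db.execute("SELECT id, parent_id, name, content_id FROM files")}
    result = {}
    for fid, (parent, name, content) in rows.items():
        if content is None:
            continue  # directory entry, only used while walking upwards
        parts, seen = [safe(name)], {fid}
        while parent is not None:
            if parent not in rows or parent in seen:  # broken chain or loop
                parts.append("_orphaned")
                break
            seen.add(parent)
            parent, pname, _ = rows[parent]
            parts.append(safe(pname))
        result[content] = "/".join(reversed(parts))
    return result

if __name__ == "__main__":
    for blob, path in sorted(logical_paths(build_sample_index()).items()):
        print(f"{blob} -> {path}")
```

When working on a real disk, mount the ext4 volume read-only and copy the blobs to a separate target drive rather than renaming them in place.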

Please note that the WD My Cloud Home case cannot be opened non-destructively. Opening the WD My Cloud Home will void the warranty.

Speculations about the extent

The “deafening silence” on the side of Western Digital is remarkable. Apart from a very general statement on Business Wire and status information on the mycloud.com website, there is no information from the manufacturer about the extent of the breach. The fact that WD took the servers offline without informing the customers via email speaks more for a loss of control than for a pure security measure. It is quite possible that the attackers managed to get control of valuable authentication information or paralyzed crucial systems.

In the end, such statements are pure speculation. Affected users can only wait and hope for further information from Western Digital.