Categories
Security

Unplug your WD My Book Live, or you might find your drive’s data wiped

If you own a WD My Book Live NAS, you should immediately disconnect it from your network — users have discovered that their data has seemingly been deleted off the device, with no action on their part (via Ars Technica). In a post on its community forum, WD says that the data loss appears to be the result of “malicious software,” and advises any My Book Live or My Book Live Duo owners to disconnect their devices from the internet to protect their data.

Some users on WD’s forum report that their devices appear to have been factory reset, while others report seeing a page requesting a password they don’t know.

In most cases, those who have been affected say that all of the data on the device appears to be gone, with their file structure either remaining intact, but with empty folders, or no folders at all except the ones that come by default on the device.

We’ve reached out to WD to ask for comment, and we’ve explicitly asked whether the company will offer data recovery services to affected users, but we haven’t yet gotten a response. The company sent statements to both BleepingComputer and Ars Technica, which largely mirrored its community post, saying that WD is investigating the incident, and doesn’t believe its servers were compromised.

Repost: Original Source and Author Link

Categories
Tech News

It’s time to unplug your Eufy cameras

Owners of Eufy security cameras have found themselves able to see live and recorded video of other, random users, in a huge privacy breach affecting the Anker company. Owners of the affordable cameras began reporting the issue earlier today, with access to other users’ cameras – including pan & tilt control on certain models – elsewhere in the world.

Eufy offers a wide range of models, designed for both indoor and outdoor use, along with video doorbells, baby monitors, and floodlight cameras for exterior security. Some cameras support remote pan & tilt functionality, where the lens can be moved to look around the room from the Eufy app.

However when multiple owners tried to view their cameras earlier today, they realized they weren’t in fact seeing their own feeds. Instead, they had access to what appeared to be both live and cloud-based saved clips from random users elsewhere in the world. Others could see the list of alerts that cameras had generated over the past day or so.

Owners on Reddit confirmed the problem, as did at least one camera owner at 9to5Mac. While the exact functionality appears to be different in some cases, some users were able to remotely capture video recordings and save them to their own phones from the randomized feeds. Others reported being able to access the Eufy settings on the remote systems, including home network information.

It’s a huge concern for those who have bought into Eufy’s ecosystem of products, particularly among those who have installed cameras inside the home or to monitor their children. Concerned Eufy users found that logging out of their account and then back in again, plus power cycling the home base, was sufficient to restore access to their own system. However, others have simply unplugged their cameras altogether, which seems like a fairly wise reaction.

Security breaches and privacy lapses aren’t uncommon at this point in time, but the impact is always more significant when it’s a home security company like Eufy which is impacted. Wyze, another low-cost camera and smart home tech provider, experienced a huge database breach in late 2019, for example, though that didn’t see people able to access other users’ accounts in the same way as this Eufy issue.

Eufy is yet to comment officially on the problem today. According to a message shared in the official Eufy forum, purportedly from the company’s support team, “the issue was due to a bug in one of our servers” which “was quickly resolved by our engineering team.” Even if that’s authentic, whether it’ll be enough to reassure the company’s customers remains to be seen.

Repost: Original Source and Author Link