Western Digital Explains How Attackers Wiped My Book Live Devices

Two vulnerabilities were exploited to remotely wipe the data and, in some cases, install a trojan.
UPDATE 6/30: Western Digital has now shared details of multiple vulnerabilities that allowed My Book Live devices to be wiped and is offering affected customers support starting next month. The two vulnerabilities identified are known as CVE-2018-18472 (a Remote Command Execution bug) and CVE-2021-35941 (an unauthenticated factory reset vulnerability). 18472 can be triggered by anyone who knows the IP address of the affected device, whereas 35941 was introduced to My Book Live in April 2011 "as part of a refactor of authentication logic in the device firmware." As Western Digital explains, "Our investigation shows that in some cases, the same attacker exploited both vulnerabilities on the device, as evidenced by the source IP. The first vulnerability was exploited to install a malicious binary on the device, and the second vulnerability was later exploited to reset the device. On some devices, the attackers installed a trojan with a file named .nttpd,1-ppc-be-t1-z, which is a Linux ELF binary compiled for the PowerPC architecture used by the My Book Live and Live Duo.
