The kicker? WD did fix one login bypass flaw through a firmware update, but it introduced another in the process.

We've asked WD for its take on the situation and will let you know if it has a response. However, the Exploitee.rs team says it's revealing these pre-patch bugs to the public because of WD's "reputation within the community." Supposedly, the company doesn't pay attention to the seriousness of security flaws -- this open disclosure is a way of pressuring WD into action. True or not, you may not want to allow internet access to your My Cloud gear unless it's absolutely necessary.