Either terrible security practices or malicious intent. Some security research firm found serious backdoor in a range of Western Digital MyCloud devices aimed at personal home or office users.
Several serious security issues were uncovered during my research. Vulnerabilities such as pre auth remote root code execution, as well as a hardcoded backdoor admin account which can NOT be changed. The backdoor also allows for pre auth remote root code execution on the affected device.
— WDMyCloud Multiple Vulnerabilities
Related: