My guess is someone figured out how to bounce commands off WD command server (customer reps helping people reset their devices) and they are spamming customer ids.
Either that or these devices have unique ports on the WAN with a 0-day but that would take a lot more effort to exploit.
That CVE only shows how to factory-reset a single MyBook to which you can connect and send HTTP requests. There's still something missing to explain how it could happen to seemingly all MyBook's at once, including those behind a NAT.
There are comments in this thread from people who read about this in the news, checked their own device, and found it was wiped as well. This seems like it would be very unlikely to happen if this were just happening in isolated cases.
