
4 of 10 computers on eBay carry sensitive data
2019-05-24
A new study from Blancco Technology Group reports sensitive data on 42% of hard drives purchased on eBay. The researchers also found personally identifiable information on 15% of the forensically analyzed drives.
The sellers insisted that proper data sanitization methods had been used to clean the drives before putting the products up for sale on eBay. This was obviously not correct, which the sheer breadth of information that was recovered from these drives suggests. One drive, for example, contained scanned images of family passports and birth certificates along with financial records. The seller was a software developer "with a high level of government security clearance". Other drives were found to have 5GB of archived internal office email from a major travel company, 3GB of data from a freight company including documents that detailed shipping schedules and truck registrations, university student papers and associated email addresses and school data that was comprised of photos and documents with pupil names and grades.
Many, both companies and private sellers, will say that they don’t have any valuable information. But this common misconception is dismissed by Fredrik Forslund at Blancco:
"Selling old hardware via an online marketplace creates a serious risk of exposing dangerous levels of personal data." According to Forslund, the risk is increased when these drives are sold under the impression that all data has been securely erased as part of the hardware decommissioning process.
Historically, high-powered magnets have been used to clean hard drives. But that is not a good solution when Solid State Drives (SSDs) are involved, since SSDs employ integrated circuit assemblies as memory.
"Since SSDs don't store data magnetically new processes to protect data prior to disposal are required", says Tim Mackey at Synopsys.