42% of used drives sold on eBay hold sensitive data, researchers find

Selling your old hard drive on eBay may sound like a good way to squeeze a few extra bucks from unused hardware, but not if you don’t erase the data properly.

A combined team of data recovery experts from Blanco and Ontrack have conducted tests on 159 drives purchased on eBay. Their findings? 42% held sensitive data that had become accessible after the proper recovery technologies were applied, and 15% contained personally identifiable information (PII) that could be used against the previous owner. The key findings were:

  • A drive from a software developer with a high level of government security clearance, with scanned images of family passports and birth certificates, CVs and financial records
  • University student papers and associated email addresses
  • 5GB of archived internal office email from a major travel company
  • 3GB of data from a cargo/freight company, along with documents detailing shipping details, schedules and truck registrations
  • University student papers and associated email addresses
  • Company information from a music store, including 32,000 photos
  • School data, including photos and documents with pupils’ names and grades

Three drives in 20 had PII on them despite their sellers claiming to have sanitized the hardware prior to shipping. Vendor-wise, the hardware was purchased at random, but the team focused on “leading brands” – likely to ensure that the sample of devices matches what’s mostly out there on the market.

“This highlights a major concern that while sellers clearly recognise the importance of removing data, they are in fact, using methods which are inadequate,” the team said.

Disposal of used hard drives is a tricky process that requires extreme attention. Some would advise to destroy the drive altogether and not bother reselling it, as the risks outweigh the benefits. Properly wiping a drive clean requires many sessions of deletion and overwriting. There are free solutions out there that promise to assist in this mission, but it’s ultimately the user’s choice which one they trust to get the job done. Stay safe!

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta. Read the original post at: