Blog article
See all stories »

I Found Your Data on That Used Device You Sold

Over the past 15 years, the increasingly rapid evolution of technology has resulted in new computers or mobile phones becoming outdated in a matter of one or two years. Chances are, you’ve gone through no less than ten digital devices in the past decade, if not more. It has become standard practice to upgrade to a newer device and often sell, donate, or discard the old one. Or you’ve received a new computer or mobile phone for a holiday gift and need to get rid of the old one.

What did you do with all of your old devices? Some may be in your basement, others were given away, and you might have hocked a few on eBay or Craigslist. Did you know it is very likely that you inadvertently put all of your digital data in someone else’s hands if you no longer have the device?

I recently bought 20 laptops, desktops, netbooks, notebooks, tablets, Macs, and mobiles through Craigslist, all from sellers located within 90 minutes of my home. Of the 20, three of them had never been wiped, meaning that I bought the devices exactly as they once sat on someone’s desk. The original owners had made no effort to clean out the data, which meant that I was able to access the records of their entire digital lives. 17 of the devices had been wiped, meaning that the seller took the time to reformat or reinstall the operating system. Of the 17 wiped drives, seven contained remnants of the previous users’ digital lives. Despite the effort made to reformat or reinstall the operating systems, there were partitions and leftover data on the drives.

After having spent the past few months working with a forensics expert, I’ve come to the conclusion that even if you wipe and reformat a hard drive, you may still miss something. IT professionals tasked with data destruction use “wiping” software, and you can too. But after what I’ve seen, more needs to be done. This means external and internal drives, thumb drives, SD cards, and anything else that stores data really should be destroyed.

So whether you destroy an unwanted drive with a sledgehammer, or use a drill press to turn it into swiss cheese, or use a hack saw to chop it into pieces, and then drop those pieces into a bucket of salt water for, oh, say a year, just to be safe, for your own good, don’t sell it on eBay or Craigslist.

 

2765

Comments: (1)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 15 March, 2012, 10:04Be the first to give this comment the thumbs up 0 likes

We already know that millions of people have given away their Internet Banking credentials to Mint and other P2FMs, their credit card online account credentials on Offermatic and other websites, etc. Your experience with these partially and totally unwiped hard disks is further evidence that, when it comes to privacy and security, what people do is quite different from what they say. I think it was the CEO  of the new identity service Personal.com who recently said that, like many other things in life, security and privacy are not redline subjects - they just have a price.