Used smartphones and PDAs for sale on eBay are loaded with sensitive personal and business information ranging from banking records to text messages and corporate emails that can be easily retrieved by hackers and data thieves, according to a sampling by mobile security software provider Trust Digital.
Trust Digital engineers recovered nearly 27,000 pages of personal, corporate, and device data from nine of 10 mobile devices purchased through eBay for the project, including a smartphone sold by an employee of a major corporation.
The salvaged data included personal banking and tax information, corporate sales activity notes, corporate client records, product roadmaps, contact address books, phone and Web logs, calendar records, personal and business correspondence, computer passwords, user medication information, and other private, competitive or potentially damaging material.
The information was retained in the flash memory of the devices because of users' failure to perform the advanced hard reset required to delete the data. The nine devices with retrievable data included those belonging to a former employee of a publicly traded security software company, an employee of a Web services firm, and a corporate counsel of a multi-billion dollar technology company serving the legal market. The tenth device in the test was never used.
Nick Magliato, CEO of Trust Digital says consumers can protect themselves by enabling the password function on their devices, asking their cellular carriers for information about data security, and "hard wiping" their devices before selling them.