59 percent of secondhand hard disks sold on marketplaces like eBay are not properly wiped and still contain data from their previous owners, according to a new study by the University of Hertfordshire and commissioned by Comparitech.
We purchased 200 used hard drives from online marketplaces, secondhand shops, and conventional auctions: 100 in the USA and 100 in the UK. University researchers then performed forensic analysis to determine whether any attempt had been made at deleting the contents of the drive and whether those attempts were successful.
We uncovered a wide range of sensitive and private information left by previous owners. The remnant data included, among other things, employment and payroll records, family and holiday photos, business documents, visa applications, resumes and job applications, lists of passwords, passport and driver’s license scans, tax documents, bank statements, and lists of students attending senior high schools.
Data removal efforts on secondhand hard drives
The information stored on the drives could be used by criminals for any number of purposes ranging from blackmail to identity theft.
Here’s a breakdown of the 200 hard drives analyzed:
26% were properly wiped and no remnant data could be recovered
26% had been formatted, but data could still be recovered with minimal effort
17% contained deleted data that could easily be recovered
16% of the hard disks appeared to have no attempt made to remove the data
16% were not accessible and could not be read
As we’ve found in previous studies, the problem is not that disks aren’t being wiped before resale, but that they aren’t being wiped properly. More on that below.
What data was recovered from the hard drives?
Photos and documents made up the bulk of the data recovered. Some notable examples include:
- Employer payment records
- Photos of soldiers in the Middle East
- Plans and documentation for Army barracks
- Visa applications for trips to China and India
- A debt collection notice
- Passport scans
- Driver’s license scans
- Expense returns
- Bank statements and utility bills
- A copy of a speeding citation for the US
- Intimate photos
- A spreadsheet with the names and personal details of 113 people
- Completed tax documents (P60, W-9)
- Employment applications and CVs
One notable trove that researchers unearthed included several documents from a senior high school including an annual performance report for the school, a list of student names, a letter from a special education supervisor with full contact details, daily bulletins naming staff, a faculty meeting agenda, a track team roster, and pictures of houses and possibly students.
All of that data was deleted—but not permanently wiped—from memory.
A mistake that researchers say is all too common.
Remnant data is a growing problem
Comparing the results from the hard drives purchased in 2018 to a similar study in 2007, researchers observed a rising trend in recoverable remnant data left on secondhand hard drives. Here’s a breakdown comparing the two studies, roughly a decade apart:
In 2018, far more disks sold on the secondhand market contained recoverable data from previous owners than in 2007. That being said, a much larger portion of the 2007 hard drives were unreadable altogether.
Why data remains on secondhand hard drives
Ignorance or apathy?
The majority of the hard disks examined in this study were purchased singly save for a small number of occasions when they were purchased in small lots as the seller had more than one card for sale at the same time. That tells us the problem is fairly widespread, and not from a single source.
Researchers say end users are still not well-informed enough on the risks of failing to permanently remove data from a hard drive before selling or discarding it.
How to securely wipe a hard drive
The issue is not that secondhand sellers don’t attempt to wipe hard drives, it’s that they fail to do so properly, the report explains.
It’s an easy mistake to make if you’re not aware that:
- “Deleting” a file does not obliterate the ones and zeros that make up a file on a hard disk. It merely removes the reference point to where a computer can find the file. When you highlight a file and hit the Delete key, for example, the file will actually remain there until it is overwritten.
- “Quick formats” can also be inadequate, despite what some other sources may tell you.
- Retired cards need to be fully erased and reformatted. A full format is the best way to permanently wipe data from a hard drive.
Researchers say this study will be repeated in the future.
“The problems arising from the disposal of hard disks are only likely to increase as the size of the media continues to increase, and the potential grows for greater volumes of personal and sensitive data to be exposed.”
Read this guide if you want more details about how to securely wipe any hard drive, whether it’s Mac or Windows, iOS or Android, HDD or SSD.
How to securely erase your hard drive, SSD, or mobile phone
Source: Comparitech.com (Posted September 24th, 2019)