Posted on 06/28/2016 3:39:49 PM PDT by nickcarraway
A new study from technology firm Blancco Technology Group found that 78% more than three quartersof used, resold, or refurbished hard disk drives still contained personal or confidential information, despite supposedly being wiped.
In the first quarter of 2016, the group purchased a total of 200 used hard disk drives and solid state drives sold in the United States from eBay and Craigslist. Out of the 200, the Blanccos digital forensics team was able to recover left-over data from 78% of the drives, according to the study.
5% of the residual data were spreadsheets, which included sales projections and inventories for various companies. Although this number seems small, the company urges businesses to erase data, saying it is the most important security measure corporations should take. The study references the 2014 data breach at Sony Pictures, when hackers took control of the film companys computer system. Other than posting internal salary information during the hack, the hacker group also leaked five of Sonys movies onto the Web.
As for personal information, over half (67%) of the drives contained things like photos (43%), social security numbers (23%), and financial data (21%).
Paul Henry, Blanccos digital forensics expert, explained in the study that this left over information is all hackers need to steal the information and then perpetrate identity theft and fraud.
This could have devastating effects for individuals because it could not only rob them of their hard-earned money, but it could also hurt their chances to get approved for financing, mortgage loans and so much more, Henry said in the study.
So, despite the fact these drives were supposedly wiped, why do so many of them still have information that shouldnt be in a strangers possession? The study points out that there is a big difference between deleting data and erasing it.
For example, when you delete a file on a computer by dragging it to the trash bin, or even by using the delete key, this doesnt destroy the data. Instead, formatting a drive erases data. However, the study warns that not all format commands are the same. A quick format, for example, which was used on 40% of the drives, still left some data behind that could easily be accessed by a hacker. A full format, which was used on 14% of the drives, was more thorough, but still missed some crucial information.
DBAN (Dariks Boot and Nuke) is the way to go.
I always use a hammer and drive a few nails through the disc. It is not worth the risk to save a few dollars and sell the HD.
They should give their computer to Hillary to wipe first.
I do not turn old drives loose from anything used at home.
Drives get smashed and drilled if they are unusable. Re-purposed ones get at least a couple passes of DBAN before use again. Those typically are used with Linux stuff I toy with.
Maybe I can swing Linux academy this fall.
If you’re trashing a hard disk, several strokes to the case with a hammer should dispatch the disk inside.
A good erasure takes forever, with every bit over written several times.
I would never sell a hard drive. Especially when they are cheap to replace.
“They should give their computer to Hillary to wipe first.”
Wiped, like with a cloth?
My 3 lb hammer seems to beat the crap out of ours before we get rid of them...
hmmm. never sold a hard drive. I keep PCs and drives until they die or get obsolete and then just throw them away. I format the drives. If someone wants to recover my data from drives at the dump I wish them well.
I rarely (not sure I’ve EVER) sold a hard drive. If I’m done with a machine, I’ll typically take the hard drive out and sell, donate, or trash the machine. The hard drive gets the platters removed and shredded. I call it “Still Thinking’s Low Level Format with Extreme Prejudice (tm)”.
A few years ago I did technical field work for one of those outfits that farmed jobs out.
It was for a server decom at BofA. The job was simple. Find and verify the server, yank the drives and drill a hole and send a photo.
I got to the place and waited a little. A couple of staff people came out and we went to their server room. We hunted all over and could not find it.
They asked me to wait while they checked some more. Later they came out and admitted the server was shipped out a few weeks earlier. They signed off and I got paid anyway.
At the same time I was doing a refresh via a horrible FL based firm for HP/BofA (there was nothing else at all) and the PCs were to be wiped with GDisk. Any drive that failed had to be pulled and 4 holes drilled. It was supposed bank policy. I mentioned my experience and that one hole was good enough for a server, why not a cheap PC? I got yelled at for daring to ask.
Anyway I survived that nightmare and would rather starve than work for an outfit like the FL crowd.
1. smash with sledge hammer
2. soak in salt water
3. dry in fire
4. encase remains in concrete
5. try to use software utilities to recover data
I always take ours out before taking them to the dump. We use them too long to be of any worth.
I do NOT sell my old hard drives except to friends and family at best (and generally then I’m giving it to them) and even then I’ll low level format the drive or a do a disk image of their existing hard drive.
No way I’m letting my data out.
Same with my digital camera, my smartphone, my video game systems and even my wifi routers (I don’t “wipe” them but I do restore factory defaults to clear any stored accounts/personal info.)
Thats why all of my hard drives end up on a concrete floor and a 16 lb. sledge hammer goes to town on it
I shred my drives when done.
YES! Like with a cloth! But not just a cloth. A little windex will help take that layer of dust off LOL! =)
Sell them?
Hardly worth the effort, I would think.
I still have my first 10 MB hard drive laying around.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.