When eBay launched it became the go-to place for buying electrical items at vastly reduced prices, amongst other things. Its auction bidding style provided an element of excitement where the user could become a ‘winner’ by making the best bid. Counting down the hours and minutes until the sale closed could be a nail-biting affair.
Since then eBay has vastly expanded the range of items for sale and it is a marketplace where any individual can set up their stall. Now something rather interesting about eBay has come to light, according to a Forbes article; around 42% of the hard drives sold on the site contain sensitive data.
The analysis came via Ontrack research for a Blanco Technology Group report. It revealed that hard drives bought in the USA, UK, Germany and Finland contained sensitive data as well as personal information.
Birth certificates, passports and more
The researchers spoke to sellers, all of whom claimed they had used proper “data sanitisation methods” to ensure no data remained on the drives. The report showed this was clearly untrue. It showed, “One drive belonged to a software developer “with a high level of government security clearance” that still contained scanned images of family passports and birth certificates along with financial records.” And they also found,” a drive with 5GB of archived internal office email from a major travel company, 3GB of data from a freight company including documents that detailed shipping schedules and truck registrations, university student papers and associated email addresses and school data that was comprised of photos and documents with pupil names and grades.”
Fredrik Forslund, vice-president of cloud and data erasure at Blanco remarked on the situation: “Selling old hardware via an online marketplace might feel like a good option, but in reality it creates a serious risk of exposing dangerous levels of personal data.”
This is not a case of widespread data theft, or intent to damage a specific business. For criminals to benefit from this information, they would have to buy a lot of hard drives and even then they cannot be sure what data they will get, or indeed if there is any on the hard drive.
But Tim Erlin, vice-president of product management and strategy at Tripwire, warns that although this might make it seem as if there isn’t a problem, “it might lower the concern, but it shouldn’t eliminate it.”
How to avoid selling data on eBay
Getting rid of a hard drive requires care and any business should have a process in place for removing any sensitive data. Old processes, such as using magnets are outmoded, and Solid State Drives (SSDs) require a different approach altogether. Tim Mackey, senior technical evangelist at Synopsys suggests that in order to ensure certainty data cannot be recovered, physically destroying, or shredding, the drive is the answer.
It is likely that large organisations have the systems in place to perform this kind of data sanitisation effectively, but small and mediums sized businesses may not. And it is likely that the majority of the hard drives for sale on eBay come from those businesses who see selling old hard drives on the site as a way to recoup some money.
We need to be more aware than ever of the value of data and the importance of data security. If you are getting rid of a hard drive connected to business use, ensure it is properly destroyed and that you have confirmation of its destruction. Don’t let it end up on eBay where you have no idea who might find that it still contains valuable information.