Naive users who sell old hardware through online auction sites are running a huge security risk an investigation has revealed.
Traders selling second-hand hard-drives and memory cards on eBay often fail to delete personal information – such as bank details, CVs, usernames and passwords – from the devices before selling them on, data recovery firm Disklabs has discovered.
The company bought 50 memory cards and 100 hard-drives on eBay, which included memory storage tools like USB sticks and sim cards, and found that a staggering 60 per cent of memory cards and 30 per cent of hard drives held confidential information.
Simon Steggles, director of Disklabs, said that the shock findings are partly down to people misunderstanding how to delete the information.
‘The results were astonishing,’ he said, ‘It seems that traders, who claim to be professionals, either couldn’t be bothered to erase the information or were not aware that simply pressing delete does not get rid of the memory.’
After pressing the delete key to remove files, many PCs and digital devices will only apply a label to allow the system to overwrite the files – not delete them.
Disklabs targeted eBay sellers who were auctioning 20 or more memory devices at one time to find out how trustworthy they were. The firm then contacted each trader to inform them of its findings and found that the responses were equally surprising. One dealer told the company to delete the information and put it back on eBay, and others were convinced that using delete was a satisfactory method to ensure the goods were clean.
However, Steggles was reassured by the reliability of traders who are members of the PC Association (PCA). ‘We found that the majority of clean goods were sold by traders registered with the PCA,’ he said, ‘My advice is to check that dealers are a member of the association or to contact a reputable data recovery company, like Disklabs, who will clean the hardware for you on-site.’
Steggles also warns that users should realise that formatting hard-drives will not eradicate the information either.
The Staffordshire-based team also discovered that undeleted temporary Internet files and cookies allowed them to follow the web activities of previous owners. Within a small amount of time they had full access to personal financial details, like credit card numbers, which gave them the capability to order goods by changing the delivery address held in Internet accounts.
‘The past owners of the hardware we ordered were very lucky this time around,’ said Steggles, ‘We were very good and erased all of the information, but not everybody out there would.’
For more information about the clean-up services offered by Disklabs go to www.disklabs.com.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
