Are you (inadvertently) selling your personal data on eBay?

[steven36]

We might well think we're properly erasing data from gadgets before we sell them or dump them, but in fact we're leaving smears of personal data lingering that can lead to identity theft.

According to a recent analysis of 122 second-hand mobile phones, flash drives and mechanical hard drives - bought from eBay, Amazon.com and Gazelle.com between May and August 2015 - 35% of the phones and 48% of the drives had residual data that was simple to recover, including email, texts, call logs, videos and photos.

Take the analysis with a grain of salt: it was done by Blancco Technology Group, which offers what it calls secure erasure services that it guarantees will ensure data sterilization, along with data-recovery specialist Kroll Ontrack.

Still, PR aroma aside, there are plenty of studies that back up the findings.

Naked Security has talked before about the danger of sensitive information falling into the wrong hands because of unsafe disposal of hard drives.

We've even seen the details of a million bank customers sold on eBay on a hard drive costing £35.

It's not like we're not at least trying to wipe our hardware before we sell it - it's just that we aren't doing a very good job.

The Blancco/Kroll Ontrack analysis found that inadequate attempts to wipe hardware were found on 57% of the phones with data, and on 75% of the hard and flash drives with data.

Enough residual data was found on two of the phones - both running Android - to identify previous owners. Such data could easily be used for identity theft if it falls into the wrong hands.

The iPhones, in contrast, got a clean bill of health. The authors said that performing a factory reset on an iPhone is an adequate precaution, but the same can't be said for Android phones.

When analyzing 20 handsets, including Android models from HTC, LG, Motorola and Samsung, the study found data left behind that included 2153 e-mails and 10,838 texts or instant messages.

Bank data was among the sensitive data that could have been exposed.

The study found that a range of data-erasure methods had been used on the hardware, including "quick format" tools as well as exhaustive methods that overwrite the entirety of a data-storage device with fresh data one or more times in order to obliterate old data.

The study found quick-format attempts on 61% of devices that still contained data, with 81% of the quick-format drives still having residual data.

On four of the drives, users had only put their information in the trash: a method that hides the data from view but doesn't purge it, thus making it easy to recover.

According to the study, buying used gear is on the rise. More people are selling used data-storing devices, and more residual data is getting passed on to new owners along with the sold items.

The study says that some 35% of consumers in the US, Canada, the UK and Australia will recycle, sell, donate or trade in their mobile devices every two to three years.

Early adopters are on an even tighter update cycle: 17% swap out their mobile devices more frequently - often on a yearly basis - as the latest, greatest, shiniest new gadgets are released.

If the data on your hard drive was properly encrypted, of course, then you wouldn't need to worry about what happens next to your hardware, given that a would-be identity thief wouldn't be able to detangle the gobbledygook.

Don't make it easy for the criminals. If you're dumping old hardware, make sure you dispose of it appropriately and ensure that any data contained on the drives is either securely wiped or was strongly encrypted in the first place.

Source

[bashar]

I destroy most of electronic devices especially hard drives because of this.

[Holmes]

CCleaner is one of many programs that can secure erase. You can use Darik's boot and nuke program to secure erase or alternatives that if I used a secure erase I would use. They mentioned some of the devices were securely erased with secure erase methods they didnt list which ones were used. Some dude I used to hang out with said you cant get a hold of dariks boot and nuke as its used by the government he didnt kknow what he was talking about you can get it here:

http://www.dban.org/

I would recommend different software you can use that would really work. I have a Low-Level format tool I would use to secure erase:

http://hddguru.com/software/HDD-LLF-Low-Level-Format-Tool/

I would use this tool if I was going to formmat and sell a hard drive. You can also use these if you like:

http://www.pcworld.com/article/261702/how_to_securely_erase_your_hard_drive.html

Remember if one secure erase tool doesnt work try a different one same with recovery if one recovery tool doesnt work try a different one. There is a possibility that the data is lost should never give up. Anyway back too the topic at hand you may not need to use a different secure erase program ccleaner has a thirty five pass (very complex overwrite) I dont know if that is as good as a low level format tool one of them should help prevent identity theft.

Dariks Boot and Nuke has limitations as it cant detect and secure erase SSD hard drives. Its funny I thought of dariks boot and nukke when thinkking about secure erase and there website recommends blancco secure erase software which did this study.

[steven36]

Unless you have a machine that can perform Degaussing it wipes the hard-drive with magnet there's no surefire way to know if you destroyed all the data or not. then it never can be used again .

http://www.dataerasure.com/degauss.php

Its much cheaper to just use a sledge Hammer on it :lol: