Are you (inadvertently) selling your personal data on eBay?

library
crime | hacking | security

We might well think we’re properly erasing data from gadgets before we sell them or dump them, but in fact we’re leaving smears of personal data lingering that can lead to identity theft.

According to a recent analysis of 122 second-hand mobile phones, flash drives and mechanical hard drives – bought from eBay, Amazon.com and Gazelle.com between May and August 2015 – 35% of the phones and 48% of the drives had residual data that was simple to recover, including email, texts, call logs, videos and photos.

Take the analysis with a grain of salt: it was done by Blancco Technology Group, which offers what it calls secure erasure services that it guarantees will ensure data sterilization, along with data-recovery specialist Kroll Ontrack.

Still, PR aroma aside, there are plenty of studies that back up the findings.

Naked Security has talked before about the danger of sensitive information falling into the wrong hands because of unsafe disposal of hard drives.

We’ve even seen the details of a million bank customers sold on eBay on a hard drive costing £35.

It’s not like we’re not at least trying to wipe our hardware before we sell it – it’s just that we aren’t doing a very good job.

The Blancco/Kroll Ontrack analysis found that inadequate attempts to wipe hardware were found on 57% of the phones with data, and on 75% of the hard and flash drives with data.

Enough residual data was found on two of the phones – both running Android – to identify previous owners. Such data could easily be used for identity theft if it falls into the wrong hands.

The iPhones, in contrast, got a clean bill of health. The authors said that performing a factory reset on an iPhone is an adequate precaution, but the same can’t be said for Android phones.

When analyzing 20 handsets, including Android models from HTC, LG, Motorola and Samsung, the study found data left behind that included 2153 e-mails and 10,838 texts or instant messages.

Bank data was among the sensitive data that could have been exposed.

The study found that a range of data-erasure methods had been used on the hardware, including “quick format” tools as well as exhaustive methods that overwrite the entirety of a data-storage device with fresh data one or more times in order to obliterate old data.

The study found quick-format attempts on 61% of devices that still contained data, with 81% of the quick-format drives still having residual data.

On four of the drives, users had only put their information in the trash: a method that hides the data from view but doesn’t purge it, thus making it easy to recover.

According to the study, buying used gear is on the rise. More people are selling used data-storing devices, and more residual data is getting passed on to new owners along with the sold items.

The study says that some 35% of consumers in the US, Canada, the UK and Australia will recycle, sell, donate or trade in their mobile devices every two to three years.

Early adopters are on an even tighter update cycle: 17% swap out their mobile devices more frequently – often on a yearly basis – as the latest, greatest, shiniest new gadgets are released.

If the data on your hard drive was properly encrypted, of course, then you wouldn’t need to worry about what happens next to your hardware, given that a would-be identity thief wouldn’t be able to detangle the gobbledygook.

Don’t make it easy for the criminals. If you’re dumping old hardware, make sure you dispose of it appropriately and ensure that any data contained on the drives is either securely wiped or was strongly encrypted in the first place.