When it comes to data privacy, there’s more to security than changing passwords and encryption. You’re at risk if you do good by recycling computers and smartphones too. Research from security company Rapid7 shows that tech sold in secondhand shops are filled with the previous owners’ personal data, according to new research from security company Rapid7.
Over the course of six months, Josh Frantz, a researcher at Rapid7, purchased old electronics from businesses that sell refurbished computers, or accept donations, and promise to wipe the devices before they are sold. He spent $650. His haul included 41 computers, 27 pieces of removable media, which included flash drives and memory cards, 11 hard disks, and six cell phones.
What he found was the equivalent of people serving up their data on a digital silver platter. Frantz retrieved more than 366,000 files, which included documents and images. Perhaps most troubling was the load of personal information he was able to access. He found 41 social security numbers, 19 credit card numbers, six driver’s license numbers and two passport numbers.
“Whenever I brought a computer back, I booted it up to see whether it was bootable and whether it required a password to log in. I wrote a script in PowerShell that would run through and index all the images, documents, saved emails, and conversation histories through instant messengers. It would then zip it up nice and organized on the desktop, and I would pull it off with a USB drive,” he wrote in a blog post.
While many businesses promise to wipe donated old electronics, Frantz said the best way to prevent your data from leaking to potential thieves is to clean any device as best as you can before handing it over to a recycling program or a re-seller.
Performing a factory reset sometimes isn’t enough to keep experienced hackers from finding old data. Frantz shared a guide to how to wipe an Android device, which involves first using an app to encrypt your data before performing a factory reset. An iPhone or iPad can be reset by going to settings > general > reset > erase all content and settings.
And if you are planning to recycle your old computer, Frantz recommends a few different methods for destroying it, including a drill, hammer, or setting it on fire, as long as there aren’t any toxic byproducts.
“If you’re worried about your data ending up in the wrong person’s hands, destroy the data,” he said. “If you wish to do a good deed and donate your technology so others can benefit, make sure it’s at least wiped to an acceptable standard. Even if you get it in writing that your data will be erased, there’s no good way to know whether that’s actually true unless you perform the wipe yourself.”