This Researcher Found a Huge Trove of Personal Data On Donated Devices
Photo Credit: modern mobile phone mockup with four positions 3d rendering

This Researcher Found a Huge Trove of Personal Data On Donated Devices

If you have an old device, you might bring it to a thrift store, recycling center, or pass it down to somebody else you know. However, according to new research, those donated devices may still contain your personal information.

For the study — published by security firm Rapid7 — researcher Josh Frantz purchased 85 devices for only $650, including computers, removable media like flash drives, hard disks, and cell phones. He ended up finding over 366,300 files of pretty sensitive information that included images and documents.

Frantz was able to gain access to emails, social security, credit card numbers, passport information, dates of birth, and more. Essentially, all the data that you really don’t want falling into a random stranger’s hands.

This highlights that a lot of centers aren’t properly wiping data before they pass devices on, even if they’re promising to do so. Frantz only found two devices that were erased properly, and only three of them were encrypted.

It’s important to remember data is like a small bug, tricky and hiding in places you wouldn’t expect. Data can live on old devices for years and withstand a lot. Many people think erasing a device by using factory reset completely wipes it, but that’s not always enough to prevent data recovery.

Frantz warned that unless you physically destroy a device, experts can potentially get data from it.

“However, wiping your device is usually enough, and can be a very easy and relatively painless process,” Frantz added.

Here is a guide on how to properly do it yourself. There’s also guides for wiping a hard disk drive and solid-state drives or multiple disks in a RAID.