Most used HDs contain data from previous owners

Data from previous owners on HDs
Written by Valdis Koks

Experts from the University of Hertfordshire conducted an interesting study commissioned by Comparitech. Researchers have found that the majority of used HDs contain data from previous owners, including confidential information.

Specifically for this experiment, Comparitech acquired 200 used hard drives (half bought in the USA, the other half in the UK), which were tested to see how many of them contained the information to be recovered.

As it turned out, 59% of the total number of used hard drives that can be purchased on eBay and other similar resources are not properly cleaned and still contain data from their previous owners.

“The problems arising from the disposal of hard disks are only likely to increase as the size of the media continues to increase, and the potential grows for greater volumes of personal and sensitive data to be exposed”, — experts say.

Researchers have discovered on the purchased drives a wide range of confidential and personal information. In particular, they found employment and salary data of previous owners, photos of their families and vacations, business documents, visa applications, resumes and job applications, password lists, passport and driver license scans, tax documents, extracts from banks and much more.

In general, after the tests, the statistics on the 200 studied hard drives looked as following:

  • 26% of disks were cleaned properly, and no data could be recovered from them;
  • 26% were formatted, but the data could still be recovered with minimal effort;
  • 17% contained deleted data, which was not very difficult to recover;
  • 16% of hard drives did not even try to clean before selling;
  • 16% of disks could not be read.

Comparing the UK with the United States, researchers write that 29% of British drives had signs of permanent data deletion, while in the United States there were 23%. At the same time, 37% of the discs from the UK were formatted, while in the United States there were only 14%. Researchers were able easily recover data for 54% of US drives and 63% of drives purchased in the UK.

Read also: Vulnerability in firmware of some AMD Radeon graphics cards allows for RCE

Researchers note that a similar study was already conducted in 2007, and if we compare the results, it is obvious that over time the situation only gets worse. So, on used hard drives purchased in 2018, much more “forgotten” data was found.

How to securely wipe a hard drive:

The issue is not that secondhand sellers don’t attempt to wipe hard drives, it’s that they fail to do so properly, the report explains.

It’s an easy mistake to make if you’re not aware that:

  • “Deleting” a file does not obliterate the ones and zeros that make up a file on a hard disk. It merely removes the reference point to where a computer can find the file. When you highlight a file and hit the Delete key, for example, the file will actually remain there until it is overwritten.
  • “Quick formats” can also be inadequate, despite what some other sources may tell you.
  • Retired cards need to be fully erased and reformatted. A full format is the best way to permanently wipe data from a hard drive.

About the author

Valdis Koks

Security engineer, reverse engineering and memory forensics

Leave a Comment