A new report issued by Abertay University revealed the prevalence of security risks when selling used storage devices, The search foundLed by student James Koncher, found 75,000 deleted files have been easily recovered from used USB drives and SSDs purchased online.
Although 98 out of 100 USB storage devices purchased looked blank, in reality only 32 were scanned correctly. Using publicly available tools, it was possible to extract partial files from 26 USB devices while each file was recovered from the remaining 42 devices.
Among the files recovered was highly sensitive information, including bank statements, passwords, and tax returns.
Professor Karen Reno of the Department of Abertay University said: “An unscrupulous buyer can practically use recovered files to access vendor accounts if passwords are still valid or even try passwords on other person’s accounts since password reuse is widespread. Wide”.
The professor continued: “It is possible that people who have obtained the USB storage device will be able to find the seller’s email address from the files we found on the drive. They can try to steal money from bank accounts or even blackmail the seller by threatening to reveal embarrassing information.
While deleting files may seem like a straightforward process, it’s actually more complicated than that. When most computers delete files, what they actually do is simply remove them from the viewable index. Then some available tools can be used to recover them easily.
Detailed software is available for anyone looking to permanently delete files and it is highly recommended for anyone looking to sell an old USB drive. On the other hand, if you only want to dispose of the drive, it is best to destroy it with a hammer before throwing it in the trash.
Interestingly, the research team at Abertay did not find any malware over 100 Drive USB indicating that while the stakes are high for sellers of old storage devices, buyers are likely to be fine.