Think twice before selling your second-hand hard drive

The storage drive of any device holds a significant amount of private information, and even when we delete this data, it can still be recovered quite easily. Secure Data Recovery recently conducted an experiment focused on recovering data from second-hand mechanical hard drives, excluding SSDs and memory cards. The company purchased 100 random hard drives and attempted to retrieve the data using affordable solutions, rather than advanced systems.

It’s important to note that they specifically excluded damaged or encrypted drives from the experiment to streamline the process and conserve resources. It should be acknowledged that broken or encrypted drives could potentially yield different results if included in the study.

hard drive

Bad idea to sell second hand hard drives

Secure Data Recovery has successfully retrieved data from a total of 69 hard drives, out of which 30 were damaged and only one was encrypted. It’s worth noting that all the drives involved in the experiment were traditional hard drives without any hybrid solutions or memory chips like SSHD.

The company proudly states that they have recovered an impressive 5.7 million files. However, it’s important to mention that the majority of this number is attributed to a single unit with over 3.1 million files. They also highlight that the oldest drive they worked with was a 2.5-inch Western Digital model dating back to 2004. Additionally, they clarify that almost two-thirds of the drives were 3.5-inch in size.

This experiment reinforces a well-known fact: many users do not take the necessary steps to ensure complete data deletion. Only a small portion of individuals permanently delete their information, and an even smaller percentage goes the extra mile to encrypt their drives.

As an example, it’s interesting to note that eBay used to require sellers to verify the erasure of hard drives before selling them, but this practice appears to have been forgotten or overlooked.

Secure Data Recovery classifies hard drives without any recoverable data as “disinfected.” These drives have undergone thorough data wipes or have been filled with random patterns to ensure data confidentiality.

A spokesperson from the company has provided insights into the treatment of the recovered data, stating, “We adhere to our stringent data handling practices, which encompass more than 100 security checks. We never accessed the contents of any recovered files and securely purged the data after the exercise, following our standard procedures.”

data recovered hard drive

Why should I clean it before selling it?

To ensure the protection of our personal data, it is indeed advisable to take precautions when disposing of storage units. The risk of someone maliciously accessing our sensitive information and using it for extortion or identity theft is a real concern.

One potential risk involves compromising files such as private photos or videos. These could be used against us for blackmail or other malicious purposes, potentially causing significant distress and harm.

Another concerning scenario is the recovery of files containing personal information like employment or rental contracts. Such documents often contain our address, full name, and identification numbers, which could be exploited by individuals seeking to impersonate us.

The consequences of identity theft can be severe. Impersonators may exploit our identity to obtain bank loans, commit serious crimes, or create various problems. Proving our innocence can be challenging, and we may even find ourselves facing legal consequences for actions we did not commit.

Given these risks, the best practice is to avoid selling storage units second hand. Instead, it is advisable to physically destroy the unit to ensure data irrecoverability. This can involve opening the unit, using sandpaper to abrade the plates, and breaking them into multiple pieces. Disposing of the remains in separate containers over several days can provide an additional layer of security.

Although these measures may seem extreme, they are intended to mitigate the potential risks associated with unauthorized access to personal data. By taking proactive steps to safeguard our information, we can minimize the chance of falling victim to privacy breaches and their detrimental consequences.