Millions of deleted files recovered in hard drives purchased online

Exclusive: Secure Data Recovery spills the beans on shocking discovery about second hand data storage

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Data recoveryspecialistSecure Data Recoveryhas shared the results of a recovery project that attempted to find out how many files could be recovered from a large number ofhard drives(rather thansolid state drivesor memory cards) exclusively forTechRadar Pro.

The company purchased 100 hard drives at random and tried to recover data using reasonable means; for this current exercise, it decided not to invest resources into recovering data from damaged or encryptedsecure drives, as many of these cases would have been salvageable.

Secure Data Recovery recovered data from 35 drives with 34 sanitized, 30 damaged HDDs and only one encrypted drive. None of the drives were hybrid ones (which combines a bit of solid state memory and traditional spinning drives). More than 5.7 million files were recovered although that number was skewed by a single hard drive that contained more than 3.1 million files. The oldest recovered drive was a 2.5-inch Western Digital model from 2004; nearly two thirds of the drives purchased were 3.5-inch models.

(This article has been updated to reflect the fact that data was recovered from 35 drives only, the rest were deemed recoverable but SDR decided not to invest time or resources into recovering them for the purpose of this research)

Worrying trend

The findings highlight a well-known fact: most users don’t have thorough destruction or disposal plans after replacing damaged or obsolete hard drives (e.g. those relying on PATA or SCSI interfaces).

In other words, a worrying minority of users will get rid of hard drives laden with files while some will go through the process of actually deleting them. Only a tiny fraction (1% in the research) will go all the way and actually encrypt the host drive.

Turns out that the years of eBay warning prospective vendors of making sure their laptops and storage devices have been wiped clean probably fell on a ton of deaf ears.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

A spokesperson for the company told us that a hard drive is defined as sanitized if no data was found, it was either completely wiped or filled with a random pattern (like the Department of Defense’s three-pass method). The spokesperson also confirmed what happened to the data after recovery: “We followed our typical, strict data-handling practices, which include over 100 security controls. We never viewed the contents of any recovered file and securely purged the data after the exercise.”

How to dispose of a hard drive safely and securely

Jake Reznik, Laboratory Operations Manager at Secure Data Recovery, is an expert at recovering files. Here’s his take on how to get rid of your hard drive (internal or external).

“Before sanitizing, back up important files to avoid data loss (ed: You can use abackup softwareor a service from ourbest cloud backupprovider), then select the preferred destruction method based on your needs. Erasure software allows the hard drive to be reused but overwrites the original data with random patterns over multiple passes. Afterward, verify that the program properly wiped all data.

Other methods damage the hard drive beyond repair. Degaussing uses a powerful magnetic field to demagnetize the platters and scramble the existing data. Running a hard drive through a media shredder tears the device’s components into small metal pieces. Disintegrating is an enterprise option that reduces particle size to a fine residue. Using a drill to puncture the drive’s platters in several spots is a cost-effective method.

In general, methods that physically destroy the hard drive are more secure. Some parties even choose a combination of destruction methods to ensure the data is unrecoverable. For the best results, consult a professional service to ensure safe hard drive destruction and disposal.”

For further reading, have a look at what’s thedifference between data recovery software and data recovery servicesto find out the best solution for your file recovery woes, understandhow data recovery software worksandwhat to look for when choosing data recovery services

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled inwebsite buildersandweb hostingwhen DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

VIPRE Security Group says its new endpoint protection tools can stamp out even the latest cybersecurity threats