Your router could be leaking a whole lot of personal data without you knowing

Make sure to decommission your hardware properly, experts warn

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

If you’re not careful when decommissioning your old businessrouters, you could be risking serious sensitive data leaks, new research has warned.

A report from ESET found small and medium-sized organizations, as well as enterprises, often dispose of their old hardware inappropriately. As a result, they leak customer data, credentials, and various other authentication keys.

The company analyzed 16 distinct network devices that were disposed of and sold on the second-hand market and found nine devices - 56% - were still holding sensitive company data.

Passwords on a platter

Of the nine devices that had complete configuration data available, a quarter (22%) contained customer data, a third (33%) exposed data allowing third-party connections to the network, almost half (44%) had credentials for connecting to other networks as a trusted party, almost all (89%) itemized connection details for specific applications and contained router-to-router authentication keys.

Furthermore, all of the devices (100%) contained one or more of IPsec or VPN credentials, or hashed root passwords, and had sufficient data to reliably identify the former owner/operator.

Over a million Weee! customers have had their data breached>Acronis admits to mega data leak - but it might not be as bad as it seems>Here are thebest identity theft protectiontools around

ESET also found that some companies didn’t really care about leaking sensitive data this way. After “repeated attempts to connect” and notify the firms of the potential problem, some companies were “shockingly unresponsive”. Others, however, “showed proficiency” and handled the problem as a “full-blown security breach”.

These findings should serve as a “wake-up call” for organizations to tighten up on their data protection practices, ESET says.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“We would expect medium-sized to enterprise companies to have a strict set of security initiatives to decommission devices, but we found the opposite," noted Cameron Camp, the ESET security researcher who led the project.

“Organizations need to be much more aware of what remains on the devices they put out to pasture, since a majority of the devices we obtained from the secondary market contained a digital blueprint of the company involved, including, but not limited to, core networking information, application data, corporate credentials, and information about partners, vendors, and customers.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Google puts Nvidia on high alert as it showcases Trillium, its rival AI chip, while promising to bring H200 Tensor Core GPUs within days

A new form of macOS malware is being used by devious North Korean hackers

How to turn off Meta AI