Researchers Say 68% of the USB Sticks Resold on eBay Contain Sensitive Data

• People who are reselling their USB sticks online don’t know how to erase them properly.
• Researchers managed to retrieve highly sensitive data from two-thirds of USBs bought on eBay.
• Selling or buying used USB sticks today doesn’t make much economical sense and isn’t worth the risks involved.

A team of researchers at the Abertay University claim that about two-thirds of the used USB sticks resold on eBay contain retrievable sensitive data. The study that supports this claim used 100 USB drives bought off the popular internet marketplace.

In 68 of these drives, the researchers found files like health records, tax returns, CVs, bank statements, and more. In some cases, they’ve even restored documents that contained credentials with plaintext passwords, so the consequences of this could be dire for the sellers.

More specifically, the team found that only 32 USB drives were properly wiped. In other 42, the researchers could perform full recovery, and in 26 of the drives, partial file recovery was possible. This tells us that the vast majority of these devices' owners actually attempted to erase their sensitive data but couldn’t figure out how to do it properly.

Unfortunately, merely deleting the files using the file manager on Windows, for example, doesn’t do the trick. Wiping the drives only removes the file indexes, not the data itself, so someone could use publicly available recovery software and retrieve this sensitive information. It is a relatively easy and quick process, and hackers could be buying the drives in bulk, looking for anything useful that may be hiding in their storage.

USB drives are very cheap today, so reselling it isn’t worth the risk. If you insist on doing it, at least make sure that you use an application that will overwrite all data on the device’s memory. Filling the stick’s storage with junk data ensures that there will be nothing useful on it if someone attempts to retrieve files. If you’re just looking to throw the USB drive away, the physical destruction of the memory should be an even quicker method to help you keep any sensitive data out of reach.

We have a detailed guide on how to erase data permanently, so make sure to check it out before you put any device for sale on the internet. If you’re on the buyer’s side, all you can do is act ethically and not attempt to restore any data from the USB drive. What you really need to be careful with is the chances of buying a USB stick that is loaded with malware, spyware, or ransomware. Again, USB sticks are so inexpensive today, so why go for a used one in the first place?