In the current climate where so many people are concerned with internet security and safeguarding their online privacy, we were shocked today to discover just how cavalier some people can be when discarding old hardware (and by extension, software) that holds their personal data.
We bought an untried and untested second-hand PC tower today in a charity shop at a truly minimal cost, to replace an ancient (by IT standards) piece of failing equipment as a short-term temporary measure. There were no guarantees that it would even work and there was nothing immediately obvious to suggest why the PC had been discarded in the first place, but we decided it was worth a punt. If it didn’t work, we’d take the hit. So we took it home, plugged it in and switched it on, and waited to see what happened…
It started up smoothly and loaded perfectly, and we soon saw the usual Windows log-in screen. There was the name of the original owner, along with a prompt clue for his password. Seriously? A prompt clue? It couldn’t be that easy, surely? But it was. It took us only three attempts to log in to some unknown-to-us person’s PC, because not only was his password ridiculously simple – one word, with initial capital letter and no numbers – but also he had left a ridiculously simple prompt clue to help us guess.
Please understand we have absolutely no desire to steal anyone’s identity, or even view their data voyeuristically, but shockingly there had been absolutely no attempt to clear anything at all from the hard drive before giving it away. The most cursory glance at a few of the many files still stored openly on the desktop showed photographs including what is clearly a selfie, personal information such as where he lives, and a simple spreadsheet showing his monthly income and fixed expenditure.
In five minutes flat we knew not only his full name and address and his password, but also what he looks like, what he earns, what he budgets for on a regular basis and what appear to be his favourite hobbies and interests. We plan to scrub the hard drive and put on our own operating system and programs, but I’m sure if we were so inclined and looked further, beyond the desktop screen, we could probably find a lot more personal information on this person – but we’ve already found way more than we’re comfortable with.
So be warned – if you’re planning disposing of an old PC or laptop, at the very least make sure you securely scrub the hard drive with freely available software. Or to be absolutely certain your personally stored information can never ever be made more public than you’d care for, take the hard drive out and destroy it yourself… 🙂