A recent study conducted by researchers of the University of Hertfordshire about the implications of selling used memory cards revealed that about two-thirds still contain data from previous owners.
The researchers bought one hundred memory cards over the course of four months on various platforms including eBay or second-hand shops and were able to recover personal data on two-thirds of them.
Personal data found on the memory cards included IDs, contact lists, selfies and intimate photos, resumes, the browsing history, passport copies, and pornography.
Only 25 of the 100 cards were wiped properly so that no data could be recovered from these devices. A total of 36 devices were not wiped or formatted at all and 29 were formatted but data could still be recovered by the researches. The remaining memory cards did not work, had no data present, or had data deleted manually (which meant it could be recovered).
Used data that buyers recover from memory cards or hard drives can result in all kinds of issues for the previous owner. Possibilities include identity theft and impersonation, blackmail, or sharing of personal photos online.
Most memory cards were used in smartphones and tablets, but some were used in digital cameras, drones, or navigational systems.
Techradar ran a similar story back in 2008. The company bought used hard drives from marketplaces like eBay and concluded that 66% of them were not properly erased so that data could be recovered.
While Techradar did not reveal the types of data that it recovered from these drives, it likely included personal data such as documents and photos as well.
Is it a coincidence that the recovery rate has not gone down between 2008 and 2018?
Avast analyzed used smartphones in 2014 and found all kinds of personal data on them. The data included more than 40,000 photos including nude photos and photos of children, email and text messages, loan applications, contact names, and more.
If you take the findings of the University's memory card research, you will notice that only a quarter of users used wiping tools to erase the data on the cards properly. While the number may change if you increase the sample size, it is clear that many users don't seem to be aware of the dangers.
One reason for that is that devices come without instructions to properly erase data. While you find articles on my site and others on the topic, it is necessary that users are aware of the issue and implications to even search for it.
Over a third of devices were formatted by their previous owners. While these owners knew that they had to do something about the data on the drive before selling the memory card, they did not know that formatting, especially quick formatting, does not delete data sufficiently.
It is important that users get educated about the dangers of selling used storage devices online. There are a couple of things that users can do to make sure data cannot be recovered.
Probably the best is to keep the storage devices and not sell them in first place. It is clear that this may not always be possible, for example when you need the money from the sale.
The second best option in my opinion is to encrypt the entire storage device and format it afterward.
Assuming that you can connect the memory card or storage device to your PC:
Cipher's /w option commands the tool to wipe the location. The tool has three passes: 1) replace all data with 1's, 2) replace all data with 0's, 3) replace all data with random numbers.
What you may want to do after you have run one of the operations explained above is to check whether recovery software can recover data on the drives.
The process of erasing data on memory cards, hard drives or other storage devices is quite technical. Some manufacturers offer custom programs to erase data on storage devices but those tools need to be downloaded and installed manually usually.
Now You: Do you sell old memory cards, hard drives, or other storage devices?
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.