You left WHAT on that USB drive?!

Back in 2012, Sophos picked up a stash of USB keys from a lost property auction as an experiment. It turned out that they were a scary bunch of sticks: 66% of them contained malware, and not a single one was encrypted.

Well, the more things change, the more things USB drive-related remain hair-raising…

A new study found that you don’t just run a good chance of catching something from second-hand drives: you also run the risk of getting an eyeful of sensitive data that the previous owner may or may not have even bothered to drag to the trash – not that that would actually delete the data, mind you, but at least it’s an attempt.

The study, done by the University of Hertfordshire and commissioned by a consumer product comparison website called Comparitech, looked at what could be found on second-hand drives picked up on eBay, in second-hand shops and through traditional auctions.

The researchers found that about two-thirds of second-hand USB memory sticks bought in the US and the UK have recoverable and sometimes sensitive data. In one-fifth of the devices studied, the past owner could be identified.

They bought 200 USB drives – 100 in the US and 100 in the UK – between January and May 2018.

People in the US who offload their sticks turned out to at least be aware of the need to erase their data, with only one of the drives showing no sign of an erasure attempt. In the UK, however, 19 of the devices showing no sign of attempted cleansing.

That said, researchers couldn’t recover any data from 16 of the UK devices and 18 in the US, having been properly wiped.

47 of the UK USB stick owners and 64 of US owners tried to delete their data, but didn’t succeed and the data could easily be retrieved by the researchers.