Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Slashdot: How To Deal With Refurbed Drives With Customer Data?

timothy posted more than 2 years ago | from the first-scan-for-gossip dept.

Privacy 385

An anonymous reader writes "I just received 3 'refurbished' SATA drives from Newegg. All 3 had some sort of existing partition. Most appeared to be factory diagnostic partitions, but one had a full Dell Windows XP install complete with customer data. How big a deal is this? Should I contact someone besides Newegg about this?"

Sorry! There are no comments related to the filter you selected.

knowledge is power (5, Interesting)

louic (1841824) | more than 2 years ago | (#38981831)

First, have a look at the data. Then decide.

Re:knowledge is power (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38982241)

You know what? You're right. I think I'll go ahead and do what I've been considering doing for some time now, and encrypt the hard drive of my laptop.

Re:knowledge is power (5, Insightful)

ackthpt (218170) | more than 2 years ago | (#38982307)

First, have a look at the data. Then decide.

Just because you have it doesn't justify any actions you take based upon it. Erase it. Make sure it's completely gone. Then notify Newegg their Refurbies are morons, putting them at legal risk, as well.

Re:knowledge is power (0)

Anonymous Coward | more than 2 years ago | (#38982351)

First, have a look at the data. Then Blackmail

Re:knowledge is power (3, Insightful)

tunapez (1161697) | more than 2 years ago | (#38982401)

Knowledge can be quite a burden, too.

Re:knowledge is power (5, Funny)

steelfood (895457) | more than 2 years ago | (#38982433)

Same thing you do with every other mostly-dead drive: Go through it and look for pr0n.

Re:knowledge is power (0)

Anonymous Coward | more than 2 years ago | (#38982479)

First, have a look at the data. Then decide.

First, post the data. Then let us decide.

(I suggest you avoid using Megaupload for the image file - just give us the magnet link and we can take care of the rest)

Two choices... (5, Informative)

mlts (1038732) | more than 2 years ago | (#38981845)

Choice #1: Send the drives back and demand ones without confidential data on them.

Choice #2: Use a utility like HDDErase which uses low level ATA commands to tell the controller to wipe the drive. This will wipe every sector, even ones that are bad, relocated, or protected ones. After that, follow up with DBAN for good measure.

After that, don't worry about it.

Re:Two choices... (4, Informative)

jhigh (657789) | more than 2 years ago | (#38981933)

I would definitely let Newegg know about this. This is potentially a very serious issue for their customers.

Re:Two choices... (5, Insightful)

Joce640k (829181) | more than 2 years ago | (#38982161)

Is it Newegg's job to wipe the drives?

I would have thought it's up to the original owner to make sure there's nothing important on there.

Re:Two choices... (5, Insightful)

BlackSnake112 (912158) | more than 2 years ago | (#38982235)

Refurbished drives usually mean the drive failed, was sent in for repair and now is being resold. You can wipe a failed drive? If the motor died, how can you wipe it? The average person does not have the utilities to wipes a failed drive. Whoever refurbished the drive should have wiped it, not newegg.

Re:Two choices... (4, Insightful)

rickb928 (945187) | more than 2 years ago | (#38982469)

This drive was not refurbished . At best it was put through a cursory test and passed. Newegg failed twice: once, not actually refurbishing the drive , and second not wrong it. Dishonest and incompetent in one pass.

Or their outsourced team, still responsible.

Re:Two choices... (4, Informative)

director_mr (1144369) | more than 2 years ago | (#38982519)

No, refurbished drives do NOT mean the drive failed. It means someone returned the drive, and the thing tested good, or that someone returned a computer that they parted out, and the hard drive tested good. Bad hard drives are VERY rarely repaired, and only if it is a very easy, cheap and quick fix, and I can't think of any such repair except maybe unbend a pin or put the jumper on correctly, and SATA drives don't have either of those issues. They simply don't cost enough to justify repair.

Re:Two choices... (3, Insightful)

AF_Cheddar_Head (1186601) | more than 2 years ago | (#38982247)

If the drive is truly "refurbished" NewEgg or its supplier should be testing the drive and in the process of testing the data should be wiped. Yes, I know that a "refurbished" drive has not been fixes but at least it should be tested and wiped to ensure that it meets OEM specifications.

Re:Two choices... (1)

hrieke (126185) | more than 2 years ago | (#38982425)

No, but they *can* communicate with the drive manufacturer to have them put into place a policy & procedure to ensure that the drives *are* wiped clean before being shipped out.
Actually, since there is data on the drive, I would wonder exactly how well tested the drive was before being sent to Newegg for sale.

Re:Two choices... (1)

TheGreatOrangePeel (618581) | more than 2 years ago | (#38982475)

There are strict laws that govern the receipt, storage and sharing of personal information. To put it simply, you can't do any one of those things without first having the consent of person that you have data about. In this case it could be argued that receipt and storage was given implicitly by the return of the hard drive to the company that refurbished the drive. However, the fact that a drive, potentially fully loaded with highly personal data, made it from one customer to another is a serious issue. All of this is to say that, if Newegg refurbished the hard drive, then yes, it IS Newegg's job to wipe the drive.

Re:Two choices... (5, Insightful)

hairyfeet (841228) | more than 2 years ago | (#38982295)

I agree that Newegg should be told, as they may have a problem in their supply chain. Who knows what company they are buying these refurbs from and I'm sure they have in the contract they are supposed to be zeroed and testing prior to shipment. That said I always give any new drives a quick zeroing out just in case, you never know even on a new drive if some manufacturer in China is gonna have a bug on that machine that is formatting the drives and then a quick runthrough with spinrite on level I just to make sure they are good. For those who have never used the program spinrite on level I simply bypasses the firmware so the drive can't replace bad sectors with spares and then does a simple write/read/erase where it writes to each sector once and ensures that it can read the data before going on to the next. if a drive can't do a simple read/write without significant bad sectors it simply isn't worth trusting data to.

But I've had quite good luck with refurbs from both Newegg and Tigerdirect and if a drive passes spinrite level I it'll be no more risky IMHO than any other drive. You'd be amazed though at how many companies sell or toss drives with data on them, I had a friend working at one of the big telecos as a temp hand for their big computer upgrade and he calls me and says "Hey bud, you still got your truck? good why don't you come out here and bring it around back, they are just chunking their previous systems and most are loaded to the gills with excellent hardware and they said anybody that wants to can help themselves" so when i get there he loads what can't be more than 3 year old Dell workstations nearly to overflowing in my truck, around 60 in all. I get them back to the shop and go to fire one up to see what the BIOS says and missing the BIOS prompt it starts to boot! Sure enough the full OS is there, no password, and there is still all kinds of customer data on these things! I of course Dbanned the drives but if I would have been a bad guy it would have been like Xmas.

If what I saw was typical no wonder we have so many data breaches, but it really doesn't surprise me this guy ended up with drives that had data, picking up off lease systems I find that kind of thing all the time.

What really happened (3, Insightful)

tomhudson (43916) | more than 2 years ago | (#38982387)

Someone along the chain swapped the RMA'd drive for one they had hanging around. They get a refurbed drive with (hopefully) more lifetime left before failure (and the ability to return it if it does die), you get a ticking time bomb and no warranty.

Re:Two choices... (1)

Anonymous Coward | more than 2 years ago | (#38982005)

I wouldn't have thought it matters if he securely erases them or not. It is not his responsibility. I would just contact Newegg and hopefully they will begin wiping drives as part of the refurb process.

Re:Two choices... (1)

g0bshiTe (596213) | more than 2 years ago | (#38982025)

I agree, keep them, you bought them knowing they are refurb. It means someone didn't do their job properly and wipe their data, both the original owner of the drive and the reseller (it's likely not New Eggs fault). You should wipe them, and let New Egg know there was data on them so they can inform their supplier.

Re:Two choices... (2)

Miamicanes (730264) | more than 2 years ago | (#38982283)

Most of the time, there's not a whole lot the original owner can do if it's a consumer-grade hard drive. I believe some enterprise laptop hard drives are encrypted by a key that can be blown away (rendering the data on the drive into digital noise) regardless of whether or not the drive is working properly, but it's rare for consumer (or enterprise drives used in servers, for that matter) to make use of the feature because it reduces your odds of ever performing successful data-recovery on the drive down to approximately "zero" if the drive fails due to a controller failure.

Given a choice between a tiny risk of unauthorized disclosure, and the overwhelming risk of permanent data loss, most people will roll the dice with unauthorized disclosure... especially anybody who's had literally dozens of hard drives die since the late 80s (and noticed that the failure rate seems to be INCREASING over the past few years), but never had one actually get *stolen*.

For obvious reasons, "secure erase" by blowing away a whole-disk encryption key isn't something you want to be TOO easy to initiate (ideally, it should only be possible to do with a jumper in place that's not there by default), because otherwise you'd have the ULTIMATE denial-of-service trojan attack vector.

Re:Two choices... (0)

Anonymous Coward | more than 2 years ago | (#38982039)

3rd choice

look at the data, contact the owner, contact a lawyer, profit

Re:Two choices... (4, Interesting)

Korin43 (881732) | more than 2 years ago | (#38982043)

Instead of choice 1 and choice 2, I would say step 1 and step 2:

1. Inform Newegg that there's a problem with their process (considering this is on Slashdot, this may already be done).
2. Erase the drives.
3. ???
4. Profit

Re:Two choices... (4, Informative)

wjousts (1529427) | more than 2 years ago | (#38982081)

Why even bother with industrial grade hard drive whipping? It's not you data, so who cares. Just a regular erasing should be fine. If I was the questioner, I would probably just repartition, format and get on with it.

A quick e-mail to New Egg to bitch them out might be worthwhile too.

Re:Two choices... (2, Insightful)

vortechs (604271) | more than 2 years ago | (#38982209)

Depends on the data on the drive. If there's instructions for building explosives, child porn, or something similarly problematic (depending on your current locale) on there, and you don't do a industrial grade wipe, it could be an issue for you later...

Re:Two choices... (2)

TheCarp (96830) | more than 2 years ago | (#38982355)

That was my thought exactly. There was a story just the other day about a thief who stole a couple of cell phones from a car. He found child porn on the phones, and turned himself in. The judge gave him 1 month in jail... because he neither wanted to encourage theft nor discourage reporting child porn, and the guy also had stolen a car previously....

In any thought was...good thing he looked! Good for the kids obviously, but, him too. How much of a mess would that have been had he been picked up for his stolen car charge and THEN the police found the CP. Sure, they will know it was a stolen phone but, whether they would believe that the CP was the original owners or his.

I wouldn't take any chances with data like that. I might look over the drive to see if there was anything really problematic (might even let the original owner know if I identified him) but... since I can't trust my ability to find what may be hidden, the only safe move next is to wipe the whole drive.

Re:Two choices... (3, Insightful)

JosKarith (757063) | more than 2 years ago | (#38982229)

And then your house gets raided because you've been naughty enough to download an episode of Glee. Under forensic examination your main data drive seems to have 45Gb of deleted pr0n, some of it CP.
Suddenly you're in a whole new world of hurt that involves trying to prove to a justice system that goes for the simplest possible answer that you didn't put it there...

Re:Two choices... (1)

Lucas123 (935744) | more than 2 years ago | (#38982095)

What about SSDs? Does HDDErase work for flash?

Two? Three (0)

QuasiSteve (2042606) | more than 2 years ago | (#38982117)

Choice #3: Mine the data, use to your advantage.

Yes, I'm sure we're all civilized people here with great integrity. But that doesn't preclude the submitter from being evil and lord knows there's plenty of others who are nefarious.
Even if you're not particularly evil, I know few people who wouldn't be tempted to see if that refurbished (camera+)memorycard had any fun photos on there.. just to have a peek. We're a curious bunch, after all.

Re:Two? Three (0)

Anonymous Coward | more than 2 years ago | (#38982441)

Post replies to 4chan

Re:Two choices... (0)

Kjella (173770) | more than 2 years ago | (#38982163)

Why should you be arsed to wipe their data? I'd just use it after a quick format, unless I was returning them. Personally I wouldn't bother as long as they were supposed to be refurbished and so technically okay from my point of view, but it would be fun if you could get some info off the disk and notify them directly so the victims can scream at Newegg.

DBAN (2, Informative)

the real darkskye (723822) | more than 2 years ago | (#38981857) []

Enough said.

Re:DBAN (0)

Anonymous Coward | more than 2 years ago | (#38982279)

Their logo says it all !

Re:DBAN (3, Informative)

hairyfeet (841228) | more than 2 years ago | (#38982345)

Actually there is a MUCH better tool friend, I'd suggest Hiren's Boot CD [] instead. not only does it have Dban as well as a good dozen or more HDD utilities but it has just about every tool you'd ever need from password reset to system info to testing of all major components. It really is a Swiss army knife of system tools and can be run off the CD in Windows so you can use the tools without needing to boot off the disc first. Truly a great tool to have.

use dd (0)

Anonymous Coward | more than 2 years ago | (#38981867)

Newegg is a bunch of morons.
dd if=/dev/sda of=somefile
Then reformat the drive, do whatever you want with it. Take the dd image, mount it and browse through it. Credit card numbers, passwords, private photos and shit - you bought it, so it's all yours.

Re:use dd (1)

Adriax (746043) | more than 2 years ago | (#38982053)

I would think a reformat would be a standard part of any retesting procedure.

Re:use dd (5, Informative)

Richard Dick Head (803293) | more than 2 years ago | (#38982383)

You'd be surprised.

Long time ago I temp'd at a place that did computer recycling for various companies, mostly for a company that was a large depot of home supplies...Turns the hard drive security wipes were a "dog and pony show", to quote the supervisor. I was instructed to run the formatting utility for about 5 seconds, and then hit cancel and throw it in the "done" pile. "That gets the first part of the drive, the rest doesn't matter."

The people that do this kind of thing have hundreds of drives to do for the day, and there is no QA, so throwing a few in the done pile without clearing it just makes you look good for being extra productive, and nobody gives a shit about the data. Never cheated myself, though I probably should have. I was fired after two weeks, go figure.

Re:use dd (1)

X0563511 (793323) | more than 2 years ago | (#38982183)

Yea, I suppose you think that's Newegg's responsibility?

Data Breach (5, Insightful)

gellenburg (61212) | more than 2 years ago | (#38981875)

Technically it qualifies as a Data Breach Incident. Depending on the industry the original drive belonged to shit could hit the fan.

The fault lies entirely with the original owner for not wiping the hard drive before returning the equipment. NewEgg is ot in the data wiping business.

Of course the easiest thing for you to do would simply be to repartition it and reformat it.

Re:Data Breach (3, Insightful)

forkfail (228161) | more than 2 years ago | (#38981935)

So - then are you saying that you should never RMA a failed HD? Because if NewEgg doesn't wipe drives as part of the refurbishment, then you can never send a drive back.

Re:Data Breach (1)

Anonymous Coward | more than 2 years ago | (#38981987)

Any facility that ACTUALLY refurbishes the product should be wiping it as part of the process.

Customers having to send a drive in with a failed controller or read head shouldn't be told "too bad you should have just ate the money loss" because they couldn't wipe it, if it's still under warranty. That makes the warranty worthless.

Re:Data Breach (1, Informative)

Anrego (830717) | more than 2 years ago | (#38982129)

I think this is yet another reason full disk encryption should just become the norm for people storing sensitive data.

Re:Data Breach (1)

qwijibo (101731) | more than 2 years ago | (#38982245)

There are support contracts with large companies that take this into account. I used to work for a financial company that would not allow hard drives to leave the data center. There was some fee associated with this arrangement, but it was less than the cost of buying a replacement drive. When you have a lot of hardware from a particular vendor, it's not a big deal to let the little stuff like this slide.

Re:Data Breach (1)

Richard_at_work (517087) | more than 2 years ago | (#38982011)

If you are at all concerned about your data, you should not RMA a failed disk.

Now, I'm not entirely sure what the answer is to "my hard disk failed after 3 months - I want a new one under the warranty" for consumers, but when I was buying corporate stuff from Dell they had a service where I could pay a small additional fee per drive (something like £10 GBP) and get to keep the failed unit when they replaced it.

Re:Data Breach (0)

forkfail (228161) | more than 2 years ago | (#38982113)

Which, as the AC above you points out, makes the warranty worthless.

That's not an acceptable answer, IMO. It may be reality, but it is horrible business practice.

Re:Data Breach (1)

Richard_at_work (517087) | more than 2 years ago | (#38982191)

Well, whats the answer then? The company is entitled to have their failed item back if they are replacing it - otherwise the solution would be that its not a replacement, but all warranty failures are dealt with by repair, which will raise costs considerably. Guess who will bear those costs?

Re:Data Breach (1)

tomhudson (43916) | more than 2 years ago | (#38982507)

Actually, since they replace new drives that are DOA with refurbs (in other words, used drives), that's pretty much fraud. If I wanted used, I'd have bought used. Seagate pulled this stunt on me on 4 new drives ... all 4 failed, as did 13 of the next 15 refurbs.

Re:Data Breach (1)

X0563511 (793323) | more than 2 years ago | (#38982227)

You didn't read the full comment before smashing "Reply", did you? Let me quote for you, since going back and reading it yourself might prove too difficult:

... they had a service where I could pay a small additional fee per drive (something like £10 GBP) and get to keep the failed unit when they replaced it.

Re:Data Breach (1)

Anonymous Coward | more than 2 years ago | (#38982091)

This is actually correct in some situations.

Not being able to send certain equiptment back for repairs do to data security requirements is a cost of business in certain industries (medical, defense, etc..).

Re:Data Breach (1)

mark-t (151149) | more than 2 years ago | (#38982261)

And if word of that happened to get out that company X never returns defective products because they don't want the security risk, everybody in the area jumps on it and sells them inferior products at regular prices. What's the company going to do about it? Return it? They can't... due to internal policies.

Yeah, it's collusion.... yeah, it's illegal. But a warranty would protect a customer from that. It's the company's own choice to not utilize such a warranty.

So their best bet would probably be to actually *own* a hard drive company, or otherwise be in the business of making hard drives.

RMA of drives with confidential info (0)

Anonymous Coward | more than 2 years ago | (#38982367)

Probably 5 years ago when I was in the industry, I had an arrangement with high end makers/distributors of enterprise level disk drives that for failed drives, I could call them and give them the serial number, they would replace the drive and my shop could then destroy the failed drive. It was a condition of buying their drives. Had this arrangement through distributors with the two drive makers of such disk drives at the time. Since we bought in the hundreds and they knew where the drives were going, they appreciated that they could never possibly see a platter that data had been written on it.

Re:Data Breach (1)

hawguy (1600213) | more than 2 years ago | (#38982135)

So - then are you saying that you should never RMA a failed HD? Because if NewEgg doesn't wipe drives as part of the refurbishment, then you can never send a drive back.

I wouldn't send back a potentially repairable drive that has my personal data on it.

At work, we have some drives that we're not legally allowed to return unless we can do a secure wipe of the drive (or the manufacturer will certify that they've destroyed the data). We had to pay extra for our storage array maintenance contract for non-return.

I haven't had to return a consumer hard drive (yet), do they have to be returned in working order? If not, then I'd open it up and physically scrape a screwdriver across the platters. The data might be technically recoverable, but you know they aren't going to send those platters to another customer. (I'm not saying that I've never had a home hard drive fail, but typically by the time it does, it's old enough that I just buy a newer, bigger drive for not much money)

Re:Data Breach (1)

darkmeridian (119044) | more than 2 years ago | (#38982315)

Uh, yeah. If you're in a high-security field such as medicine, defense contracting, or the like, you should not return hard drives that contain sensitive information. You should just suck it up and destroy the drive if you can't reliably wipe the data off of it.

Re:Data Breach (1)

drerwk (695572) | more than 2 years ago | (#38982493)

I bought a 2TB drive from NewEgg recently and made it my TimeMachine backup drive. After about a week it started unmounting randomly. Of course it had a full backup of everything on my main HD at that point. I was lucky that it mounted long enough for me to wipe the drive before I RMA'd it. I would have eaten the $200 rather than return it with my data on it. And I am thinking I might go to encrypting my backups at this point. But I never sell or give away old drives - I usually put a steal punch through the case and platters and toss the drive.

Re:Data Breach (1)

Karnak23 (159368) | more than 2 years ago | (#38982083)

Good point about the Data Breach Incident. Granted, NewEgg is not in the business of wiping drives but if this does qualify as a DBI then NewEgg may have some liability here. This would be similar to pawn shop owner that receives and resells stolen property. Even if the owner wasn't aware that it was stolen, they still have some liability if they didn't do their due diligence to find out.

IANAL, but you might consider sending the drive back and explaining the situation to NewEgg. If it's not a DBI, they'll wipe the drive and restock it. If it does qualify as a DBI, you might just have spared them some legal hassles.

Just my 2p.

Re:Data Breach (1)

forkfail (228161) | more than 2 years ago | (#38982173)

I'm still curious, though. If NewEgg isn't responsible for wiping a drive where say the controller has failed, then does that not make the warranty worthless?

And note that this would apply to desktops and laptops as well.

Furthermore, NewEgg does sell Extended Warranties.

So how does one reconcile the fact that that they sell you hardware protection, but if you exercise your contractual rights to said protection, your data goes out into the wild?

Re:Data Breach (1)

Anonymous Coward | more than 2 years ago | (#38982287)

Do you not know how hard drives work? It's very hard to wipe them WHEN THEY DON'T WORK. This is absolutely the REFURBISHER's responsability, not the customer. I can't believe you are this dense.

Re:Data Breach (1)

PoochieReds (4973) | more than 2 years ago | (#38982339)

You're assuming that the customer had the ability to wipe the drive after it failed. If it was defective then it's quite likely not to be the case.

This sounds an awful lot like someone returned the drive either mistakenly thinking it was defective, or after hitting some sort of intermittent failure with it. NewEgg (or the HD vendor) then "tested" it and stuck it back on the shelf without wiping it. Or maybe they replaced some of the solid-state components and called it a day.

Either way, I'd be very suspicious about putting my data on it. It certainly wasn't tested well after being "fixed" at the very least.

Re:Data Breach (0)

Anonymous Coward | more than 2 years ago | (#38982431)

The fault lies entirely with the original owner for not wiping the hard drive before returning the equipment.

Yeah, 'cause everyone has a degauss standing around in his kitchen...

Nuke it (1, Informative)

NortySpock (1966236) | more than 2 years ago | (#38981883)

Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing

Just wipe the drive and move on. You don't want to know, and it's too much hassle besides.

That is simple... (1)

Lumpy (12016) | more than 2 years ago | (#38981887)

The responsible thing to do is to make a TGZ of the contents and post it on Pirate bay. Zero the empty space to achieve the best compression, although someone might like rooting around in the raw data..

Re:That is simple... (0)

Anonymous Coward | more than 2 years ago | (#38982185)

No. If the drive contains sensitive data it could open you up for liability. For example, it could be military data from a lazy sub-contractor. if you released this information then you could be held to some espionage charges. Another example... if you returned the drive to Newegg with the complaint that it had data and Newegg found sensitive data and contacted the authorities, you could also get a visit from law enforcement investigating what you did with the data.

The best thing to do is wipe the drive and move on. If you admit to having viewed the data then it could get into a whole mess.

Who cares? (5, Informative)

jdastrup (1075795) | more than 2 years ago | (#38981903)

Why bother? Ignore it. Dumb question. Move on.

Re:Who cares? (1)

royallthefourth (1564389) | more than 2 years ago | (#38982021)

Don't ignore it, get that OS license key!

Re:Who cares? (1)

NotQuiteReal (608241) | more than 2 years ago | (#38982093)

What if it has kiddie porn, terrorist plans, etc?

Re:Who cares? (0)

Anonymous Coward | more than 2 years ago | (#38982365)

You're right. What does the question asker expect Newegg to do other than to say "Ooh, sorry about that. Won't happen again".

Seriously, who could not be aware of the risk of information leaks from selling on recycled HDs? These are known risks that are easily avoided and should never happen.

Simple and easy solution (1)

aglider (2435074) | more than 2 years ago | (#38981909)

Run a few times (>=2 ) the command:

dd if=/dev/urandom /dev/sdx bs=4096

The solution is a little bit harder if you don't run Linux: install it first.

Re:Simple and easy solution (1)

LoadWB (592248) | more than 2 years ago | (#38982059)

dd exists for Windows, too. And Amiga. And Atari. I think there's even a CP/M version out there.

Re:Simple and easy solution (1)

idontgno (624372) | more than 2 years ago | (#38982119)

Even simpler answer to that: livecd (or live usb) linux environment, rather than installing more stuff on your Windows or Amiga or Atari box.

Re:Simple and easy solution (2)

DogDude (805747) | more than 2 years ago | (#38982101)

dd if=/dev/urandom /dev/sdx bs=4096 The solution is a little bit harder if you don't run Linux: install it first.

And people say Linux is still hard to use....

Re:Simple and easy solution (0)

Anonymous Coward | more than 2 years ago | (#38982329)

An arcane terminal command with missing information makes Linux easy to use? Are you serious?

'what does dd mean? I typed this on the desktop and it didn't work. Why does it say /dev/sdx doesn't exist?? Why is the command not doing anything after my nerdy friend told me the magic needed to make it work? How long do I have to wait??'

Toxic data (1)

Kardos (1348077) | more than 2 years ago | (#38981913)

Well on one hand, it mustn't be important data if they just resold the drives. I'd just wipe them and move on.

On the other hand, you essentially have a pirated copy of Win XP now, plus a bunch potentially sensitive data. So in the interests of limiting liability on your part and on NewEgg's part (or whoever provided the drives to NewEgg) it makes sense to inform them.

The drives are yours, the data is not (1)

Anonymous Coward | more than 2 years ago | (#38981929)

First off the drives are yours, but the data isn't. You are within your rights to wipe the drives clean and use the drives as you wish, BUT I would highly recommend contacting Newegg about this data privacy breach. The data on those drives is defiantly not yours and Newegg should NEVER sell a drive with personal data on it (no matter how confidential it is). Someone should be losing their job over this.

I've gotten "new" drives from Newegg and Amazon... (4, Informative)

slaker (53818) | more than 2 years ago | (#38981931)

I've gotten drives I purchased as new from Amazon and Newegg with exsiting Windows installations on them. In fact, I'd say I see it maybe once in every 30 drives I get. I buy enough drives that I see six or seven such drives in a typical year. Once I got a drive that was clearly part of a Windows SoftRAID before I formatted it.

Personally, I send those drives back. They clearly aren't new and they're not fit for sale in that state. I'm not paranoid enough to go looking at the SMART data for power on hours but when I run across drives like that it makes me think I should. Amazon will pay return shipping on drives in that condition. That is a good reason to buy drives from Amazon.

Re:I've gotten "new" drives from Newegg and Amazon (4, Insightful)

jdastrup (1075795) | more than 2 years ago | (#38982037)

That is a good reason to buy drives from Amazon.

So Amazon selling used drives labeled as new is a good reason to buy from them? Sounds to me that you need a new vendor. And if you're buying 210 drives a year (one used drive every 30, and you see 7 used drives a year), I highly recommend you get some sort of direct wholesale or resellers account instead.

You already had a peek at it!!! (0)

Anonymous Coward | more than 2 years ago | (#38981939)

Or else you would not be asking this question? Take whatever is useful and get rid of the useless data. If you did not then you are one of the good ones remaining ;wipe them with several passes and start using them

seat belt (5, Informative)

pak9rabid (1011935) | more than 2 years ago | (#38981963)

I can't help but be reminded of this scene from the movie Old School:

Mitch: Sorry, your seat belt seems to be broken. What do you recommend?
Cab Driver: I recommend you stop being such a pussy. You're in the back seat.

Just don't even worry about it. Nobody you complain to is really going to care. Give it a quick scan for anything interesting, and format once you're done.

That's easy. (0)

Anonymous Coward | more than 2 years ago | (#38981973)


Manna (0)

Anonymous Coward | more than 2 years ago | (#38981983)

Manna. Check it for any good stuff (sexy pics of hot former user, passwords, credit card info etc), and use it as you see fit. The disc serials could potentially be traced to you, so use some common sense. But a little evil does a body good.

Yeah, that's kind of a big deal .... (2)

King_TJ (85913) | more than 2 years ago | (#38981989)

I'd ask if you can do an exchange for one with Windows 7 on it, since XP is getting pretty long in the tooth ....

Seriously though, it sounds like NewEgg is usually putting the used drives through some sort of diagnostic process, if they all had special partitions on them for the purpose. Maybe they simply need to train their bench techs to wipe the drives first, instead of making the assumption that creating the new partition is ensuring any old data on the drive becomes unreadable/inaccessible?

What to do?? (0)

Anonymous Coward | more than 2 years ago | (#38981995)


Other point of contact (1)

stinkydog (191778) | more than 2 years ago | (#38982035)

There are some eastern european 'gentlemen' that will pay top dollar for quality information. Just extract the names and social security numbers, you can keep the drive.


Are you in the USA? (0)

Anonymous Coward | more than 2 years ago | (#38982079)

If so, I'd just reformat the drive and keep my mouth shut.

Goodies (4, Funny)

spooje (582773) | more than 2 years ago | (#38982111)

First check for free porn, then call New Egg about it.

Happened to us once (3, Interesting)

Gavin Scott (15916) | more than 2 years ago | (#38982133)

Quite a few years ago we bought an allegedly new drive from a bay area electronics retailer, and found it to contain some sort of raw partition containing a list of the names of approximately HALF THE PEOPLE in the United States along with some "number". Those of us who were listed in the data were unable to figure out what the number might be (an account number etc.)

Eventually we got bored with the data and put the drive in service for its originally intended application.

I wrote up the event and sent it off to the RISKS list, especially as Peter G. Neumann, the moderator of RISKS, was listed in the data, but they didn't publish it.


Re:Happened to us once (0)

Anonymous Coward | more than 2 years ago | (#38982273)

So you're trying to tell us that someone filled a drive with nothing but about 150 million names paired with 150 million numbers? Either you're making it up or there's some batshit insane people in this world. I think I'd be more comfortable if you were making it up.

Re:Happened to us once (0)

Anonymous Coward | more than 2 years ago | (#38982473)

Something with one row of data and a number could be a partition of a database, possibly exported.

Depends. (0)

Anonymous Coward | more than 2 years ago | (#38982159)

If the data is boring just ignore it, otherwise you might like to go get your whistle.

At some point you'll want to wipe it, with Linux this is my fav:

testdisk () {
      [ -e "$1" ] || { < "$1" ; return; }
      cryptsetup create towipe $1 -c aes-xts-plain -d /dev/urandom
      badblocks -svw /dev/mapper/towipe
      cryptsetup remove towipe
      dd bs=512 count=1 if=/dev/zero of=$1

Just run it with: testdisk /dev/sda

It quickly wipes the disk with data that is indistinguishable from encrypted data. Checks that the disk is in fact OK and makes sure that S.M.A.R.T has had a chance do check over the entire disk. If it passes this it's a good disk (for now).

Send it back (1)

mhkohne (3854) | more than 2 years ago | (#38982177)

If it doesn't have the same diag partition, then NewEgg didn't do their usual refurb testing on it. Which means that there's a chance it's not in as good a shape as the others. So send it back and make them give you one that's been properly refurbed. There's no excuse for them not to have wiped the drive in the process of testing it before they resold it.

Just Re-Format (1)

TheNinjaroach (878876) | more than 2 years ago | (#38982211)

You don't need to write 0s or random data to disk, just format that sucker and start using it. Also, if you want, email New Egg to tell them about the problem. Maybe they'll forward the message onto the supplier who refurbishes drives and resells them without wiping the data first.

How badly do you want/need to be involved? (3, Informative)

davidwr (791652) | more than 2 years ago | (#38982221)

I assume you don't have any LEGAL obligation to do anything other than not try to view the data. If you have any reason to suspect otherwise, ignore this entire Slashdot threat and call a lawyer.

Now the question is, how much do you WANT do do, which boils down to "at least as much as your conscience requires" and "not so much work that you'll wish you'd never ordered the drive in the first place."

At the low end of the stress scale, take an earlier poster's suggestion and use HDDErase or something similar followed by DBAN should make sure you don't ever stumble across their data. Sending it back to NewEgg accomplishes the same thing.

If you send it back, I wouldn't use the normal return method. Instead, I'd write a letter to a high-level executive and include a copy of the drive-plate cover, a screen-shot, and a copy of your order along with a request that the executive do what it takes to make sure this never happens again, then ask for instructions to return the drive. Send the letter by certified mail. Keep copies of all correspondence.

At the high end of the stress scale, you can probably complain to a government agency, as NewEgg may have violated the law.

There are other options in between.

Oder more (2)

zwei2stein (782480) | more than 2 years ago | (#38982271)

Order more drives. Hope for jackpot.

Possession... (1)

ThinkDifferently (853608) | more than 2 years ago | (#38982299) they say, is nine-tenths of the law.

Extortion! (1)

C60 (546704) | more than 2 years ago | (#38982301)

Contact the original owner, and extort them for $50k. It worked so well for Anonymous and Symantec.

Seriously, why does it matter? (1)

GodfatherofSoul (174979) | more than 2 years ago | (#38982369)

Only you know how much you care, so only you know how far to go to do something about it. If it were me, I'd look at the files to see if there was something interesting then go from there. Otherwise DBAN and deal with it.

Just wipe it clean (0)

Anonymous Coward | more than 2 years ago | (#38982437)

A while back, I bought my PS3 from a game stop, and good lord, it still had someone else's profile and stuff on it. I think it even had their login saved too.

I simply did a restore of the system, wiping it clean.

It's not Newegg's responsibility to wipe the drive (1)

rollingcalf (605357) | more than 2 years ago | (#38982451)

If the hard drive was sold as new and had somebody's data on it, that's a strong case against Newegg.

But this is a used hard drive, and it's not Newegg's responsibility to wipe it unless they're advertising that it's been wiped. Newegg's responsibility is just to test it to see that it works (and fix it if necessary) before selling it as refurbished. Wiping the data is the responsibility of the previous owner of the hard drive.

Having said that, it would be a good idea for them to at least do a quickformat before selling it.

So What Brand of Drives were these? (1)

rubeng (1263328) | more than 2 years ago | (#38982461)

It would be good for the rest of us to know which manufacturer is sloppy with handling their refurbs.

Not hard. (0)

Anonymous Coward | more than 2 years ago | (#38982471)

dd if=/dev/zero of=/dev/[your device here] bs=1M count=1

This zeros the first megabyte of the drive This will erase the boot sector, in case any fun little surprises are there. Will also wipe the partition table so you can start fresh! (Yeah, it's more than necessary but it's easy to type. You're wiping out the data anyway.)

If you're feeling nice and actually want to destroy data on the whole device there's DBAN. Free and easy and wonderfully effective. Just takes longer.

Should I contact someone besides Newegg about this (1)

iB1 (837987) | more than 2 years ago | (#38982525)

Yes.... Tell everyone on Slashdot!
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?