Researchers at the cybersecurity company MDSec found that they could purchase used enterprise routers on eBay and find confidential corporate data from previous owners still stored on the devices. The routers contained sensitive data including email passwords, network configurations, and employee usernames. The researchers advised companies to ensure that they have proper policies in place for disposing of IT equipment and to wipe all data from devices before reselling or disposing of them.
Why it matters: This discovery highlights the importance of properly disposing of IT equipment and wiping all data from devices before reselling or disposing of them. Failing to do so can result in sensitive corporate data falling into the wrong hands, potentially leading to data breaches and other security incidents. It also serves as a reminder for individuals to wipe all data from personal devices before selling or disposing of them.
- Companies must take proper precautions to protect their sensitive data and networks, including securely disposing of or wiping devices before selling or discarding them.
- Researchers were able to purchase the used routers from online marketplaces with little to no verification of their origins.
- Failing to wipe or securely dispose of devices can pose significant cybersecurity risks for companies.