likelyhood of an attacker recovering my data on a “quick formatted" HD

digiman2372

New member
Member
Local time
4:57 AM
Messages
40
likelyhood of an attacker recovering my data on a “quick formatted" HD

Long story short, a while ago, I bought and returned a hard drive that still had sensitive information on it including social security number, passwords to online accounts, etc. At the time, I thought that I removed all the information on the hard drive because I quick formatted it a few times in a row just to be sure. However I just became aware that quick formatting is not the same as true formatting, wiping, degaussing, or sanitizing. My information is on there and its been messing up my entire life. I've been constantly stressing about it, and even losing sleep. I tried to go back to the store and see if they still had it but they said it was already sent back to the manufacturer to be refurbished and resold. I told them why I needed it and they said not to worry because they “remove all the data” before reselling it. I’m not sure what that means exactly, but I’m afraid they would only do a quick format just as I did. Now as far as I’m concerned I only have 3 hopes left of my information being safely destroyed, and they are as follows:

1.The manufacturer actually does perform a full sanitization of the hard drive before reselling it.

2. the next person who gets it sanitizes it themselves

3. the person who gets it next puts so much information on there, that it overwrites the data I have on there (I had a complete disk image on there).

That being said, are there any possibilities that I am missing? Is there any more hope for this dire situation? Please tell me something to comfort me!!!!
 

My Computer My Computer

At a glance

64
Computer type
Laptop
Computer Manufacturer/Model Number
Hp pavillion dv6 laptop(stock)
OS
64
Seagate maintains several collection depots throughout the world for the purpose of receiving warranty returned product. These sites are highly automated and optimized to screen the returned products into two fundamental groups. A significant percentage of drives returned to Seagate are determined to have No Trouble Found (NTF). These drives are separated from the rest for a faster recertification process. The rest of the drives are shipped back to Seagate factories for evaluation and repair.In the case ofSATA interface NTF drives, Seagate uses the ATA SECURITY ERASE UNIT command, Enhanced Mode, as recommended by NIST 800-88. After media sanitization, the drives are relabeled and marked as Certified Repaired HDD drives. In the case of drives returned to the factory, these drives are “re-processed”. When disk drives are manufactured, after the physical assembly of parts, the drives are “processed”. This is where the drive is given its initial low level format, servo calibrations and media defects assessment and reallocation. New drives are fundamentally blank with regards to data. Re-processed drives are also blank in the same way. Re-processing drives has the effect of full media sanitization and exceeds the ATA SECURITY ERASE UNIT command in thoroughness and coverage.

https://www.seagate.com/files/www-c...iaSanitizationPractices 05-Oct-2011 FINAL.pdf
 

My Computers My Computers

  • At a glance

    7 X64i5 84002x8gb 3200mhz
    Computer type
    PC/Desktop
    OS
    7 X64
    CPU
    i5 8400
    Motherboard
    gigabyte b365m ds3h
    Memory
    2x8gb 3200mhz
    Hard Drives
    various
    PSU
    pure power 11 400w cm
    Case
    Coolermaster
    Cooling
    cryorig m9i
  • At a glance

    7x64g54008gb ddr4 2400
    Computer type
    PC/Desktop
    OS
    7x64
    CPU
    g5400
    Motherboard
    ga b365m ds3h
    Memory
    8gb ddr4 2400
    PSU
    xfx pro 450w
How did you "format" the drive? A format does NOT get rid of data. It just removes the partition table. You can always restore a formatted disk. I did it myself.

The difference between a short and a long format is that a short (quick) format doesn't check the drive for errors while a long format will. There's no sanitation with a format at all.

If the drive is a platter, not a SSD or flash-based like NVMe, then use DBAN. A simple "DoD 5220.22" is all you really need. To take it up a notch, before you use DBAN encrypt the whole drive with Truecrypt or the now fork of Truecrypt, Veracrypt with a random password that's at least 30 characters long comprising of lower case, upper case letters, numbers and symbols. Then after you wait forever after the drive is encrypted wipe the drive with DBAN.

Ideally, platters are wiped with a hard drive degausser, but they are pretty damn expensive. You can find them on Amazon or maybe even eBay. I highly doubt the DoD, NSA, CIA, State Department, etc uses some DoD 5220.22 wipe method. They'd just run the drive though a degausser which probably takes but 5 seconds. This is complete sanitation.

As to a SSD or other flash-based storage like NVMe, this is a whole other animal. You should NEVER use a so-called "DoD 5220.22" wipe on a flash-based medium since they only have finite writes and you'll reduce the life of the drive and it's not the proper way of doing it. Ideally you'd want to use the program from the manufacturer or the live disk Parted Magic. But the way it's done may not work correctly. What I have read is that in order to sanitize a SSD is that the program, be it from the manufacture or Parted Magic has to increase the voltage by a small amount wiping the electrons from the storage chips in the SSD. Whether Parted Magic or the drive manufacturer implements this correctly I don't know. So with flash-based storage like a SSD or NVMe you have to be even more cautious. What I would do is encrypt the drive with Truecrypt or Vera Crypt even though there still might be data in the clear, then run the drive manufacture's wipe tool and/or Parted Magic. If the drive can be destroyed then just unscrew the SSD or NVMe drive and drill a hole in each memory chip and chuck in the trash. It's now sanitized.

I'm posting this information here for you for the future and anyone else that comes along. You probably don't need to worry. I'm sure as part of the hard drive manufacture's regimen they wipe the drive before resale due to the possibility of being sued. Not only that, but anyone that buys the drive may not even think to use recovery software.

I tried to go back to the store and see if they still had it but they said it was already sent back to the manufacturer to be refurbished and resold.

So the manufacture will probably wipe the drive least they get their ass sued.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64
Computer type
PC/Desktop
OS
Windows 7 Ultimate x64
That is to show what the manufacturers do with returned disks.

Which is what the OP asked about.
 

My Computers My Computers

  • At a glance

    7 X64i5 84002x8gb 3200mhz
    Computer type
    PC/Desktop
    OS
    7 X64
    CPU
    i5 8400
    Motherboard
    gigabyte b365m ds3h
    Memory
    2x8gb 3200mhz
    Hard Drives
    various
    PSU
    pure power 11 400w cm
    Case
    Coolermaster
    Cooling
    cryorig m9i
  • At a glance

    7x64g54008gb ddr4 2400
    Computer type
    PC/Desktop
    OS
    7x64
    CPU
    g5400
    Motherboard
    ga b365m ds3h
    Memory
    8gb ddr4 2400
    PSU
    xfx pro 450w
Correction, that is to show what one manufacture does with returned hard drives. But I'm sure it is the same for all, we hope. I'm looking at it from a litigation stand point in that the HDD manufacture would be inclined by their company lawyer team to wipe the drive before repackaging and resale.

The lesson here I think is live and let learn.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64
Computer type
PC/Desktop
OS
Windows 7 Ultimate x64
My mother would say to not suffer for what can but did not happen.

Even if the manufacture doesn't clean the drive the chances that someone who buys the drive, recover the data and use this data for non legally purposes is very little.

Next time use diskpart clean all command
Disk - Clean and Clean All with Diskpart Command
 

My Computers My Computers

  • At a glance

    Windows 7 HP 64i5 6600K - 800MHz to 4200MHz4+4G GSkill DDR4 3000IG - Intel 530
    Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    custom build
    OS
    Windows 7 HP 64
    CPU
    i5 6600K - 800MHz to 4200MHz
    Motherboard
    GA-Z170-HD3P
    Memory
    4+4G GSkill DDR4 3000
    Graphics Card(s)
    IG - Intel 530
    Monitor(s) Displays
    Samsung 226BW
    Screen Resolution
    1680x1050
    Hard Drives
    (1) -1 SM951 – 128GB M.2 AHCI PCIe SSD drive for Windows 7 and Lubuntu
    (2) -1 WD SATA 3 - 1T for Data
    (3) -1 WD SATA 3 - 1T for backup
    PSU
    Thermaltake 450W TR2 gold
    Keyboard
    Old and good Chicony mechanical keyboard
    Mouse
    Logitech mX performance - 9 buttons (had to disable some)
    Internet Speed
    500Mb/s
    Browser
    Firefox 64
    Other Info
    TinyWall firewall
  • At a glance

    Windows 7 Proi7-4500U 800MHz to 3.0GHz(4+4)G DDR3 1600IG intel 4400 + NVIDIA GeForce GT 745M
    Computer type
    Laptop
    System Manufacturer/Model Number
    Asus Q550LF
    OS
    Windows 7 Pro
    CPU
    i7-4500U 800MHz to 3.0GHz
    Motherboard
    Asus Q550LF
    Memory
    (4+4)G DDR3 1600
    Graphics Card(s)
    IG intel 4400 + NVIDIA GeForce GT 745M
    Sound Card
    Realtek
    Monitor(s) Displays
    LG Display LP156WF4-SPH1
    Screen Resolution
    1920 x 1080
    Hard Drives
    BX500 120G SSD for Windows and programs +
    1T HDD for data
    Internet Speed
    500 Mb/s
    Browser
    Firefox
    Other Info
    TinyWall firewall
I believe, as per above, that most manufacturers would sanitise the disc before resale.
Mainly for legal reasons, not because they necessarily care for their Customers.



However, from a Retailer, I myself have a received a supposedly brand new HDD in an anti-static bag which had someone's full C: partition on it.
All the data was there, visible to the naked eye, they had not even bothered to Quick Format it, never mind sanitise it!


I got suspicious when I saw that the bag was not factory-sealed, so I just mounted it & checked it & sure enough, data visible!


I took screen prints as proof (non-personal data only), sanitised it myself and took it back to the Retailer for replacement.
When I spoke to the Staff at the store, it turned out it was the Owner who had done it!


From the need in my own business, I am guessing that he backed-up a customer's PC before repairing it, by just grabbing a new HDD off the shelf.
I personally always used to use the same HDD over & over, so it was basically never out of my sight and with a CHKDSK /f /f done on it from time to time, "to-be-sure, to-be-sure"!
 

My Computer My Computer

At a glance

Windows 7 Professional SP1 x64AMD Ryzen 7 2700X16GB Corsair DDR4 1066MHz1GB MSI Nvidia GeForce GTX 560 Ti Twin Frozr
Computer type
PC/Desktop
Computer Manufacturer/Model Number
IHTurbo Custom
OS
Windows 7 Professional SP1 x64
CPU
AMD Ryzen 7 2700X
Motherboard
Gigabyte X470 Aorus Gaming 7 Wi-Fi
Memory
16GB Corsair DDR4 1066MHz
Graphics Card(s)
1GB MSI Nvidia GeForce GTX 560 Ti Twin Frozr
Sound Card
On Mobo - Realtek ALC1220-VB
Monitor(s) Displays
21.5in Samsung SyncMaster 2253LW
Screen Resolution
1680 x 1050
Hard Drives
1x 500GB Samsung 970 EVO M.2 NVMe SSD - #SM2 (BOOT)
1x 512GB Samsung 850 Pro SATA SSD - #SM1
3x 4TB WD Red SATA HDDs - #WD35 , #WD38, #WD43,
1x 4TB Seagate IronWolf NAS SATA HDD - #SE44
---
1x Pioneer SATA BR-RW BDR-208D
PSU
Corsair HX850i
Case
Fractal Design Define R6 USB-C TG Blackout
Cooling
Thermalright TRUE 120 + 120mm Noctua NF-F12 Chromax Black
Keyboard
White Ducky Shine 4
Mouse
Gigabyte M6900 Optical Gaming Mouse
Internet Speed
NBN 50mbps
Antivirus
KIS 2018 + Malwarebytes Premium + Spybot Anti-Beacon
Browser
Firefox 82.0.2 (64-bit)
Other Info
2x Corsair 140mm Mag Lev Case Fans
5x Phanteks F140SP 140mm Premium Case Fans
I would first focus on what you can do right now and then explore the chances of the drive in the wild.

First, you can already do nothing more to "rescue" the drive from whoever has it (you already tried that).
Then, try your best to invalidate as much data on the disk as possible. For example, you mention passwords, consider them all as compromised and change every single one. Then, if they are effectively breached, they're useless. Some services even have alerts if unusual logins happen, so you can use those as indicators that an actual compromis happened.
As a more future-proof solution, always use a real password manager to store sensitive information if you ever plan to send out a disk like that.

I probably see three possible "attackers" that got your disk: The computer shop, the factory and the new owner.
I think the computer shop is the worst problem. They've got the disk directly from you and they know you've used it a bit. But that's all. Or do they know you personally and think they want data speciically about you? Or you're just "one more customer out of a bunch"?
From here all we can do is to guess what really happened.
Repair shops are more likely to "peek" at a customer's HD, even if only out of curiosity and without any serious malicious intention. But from peek to acting on that data is a long way, and depends a lot on the ethics of the store's people. If you've choosen a good reputable place, you can reasonably expect them to act professionally. And even then, you gave them a formatted HD, with no readyly available data right there. They must actively modify the HD to access it, which if often way out of the way to be worthy, if they aren't looking for something special. I find at least unlikely that they've got anything valuable from the formated HD.

Then comes the factory. Again it's possible that people of doubtful ethics might peek, but once again against a formated HD they'll have a hard way getting anything valuable, even if possible. And most important, they probably won't care. Most likely they use rather destructive methods as part of their normal procedure and don't really care about the data. They're neither in the business of extracting and selling your data, they just sell drives, so I find difficult to think that someone would even peek at it.

And last it comes the new user of the unit. They always come after the factory reparation, and they're supposed to get a brand-new drive, so it's even more unlikely that they can even consider the chance of data leftovers on the disk, much less if they have to use advanced tools to get it (in the case they even know about them).

In short, I would think that the likehood of such data leaking are rather low and highly unlikely to happen. If you can change all your passwords you even eliminate one vector of attack, even if they're successful. I wouldn't worry too much more than that.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64Intel Core i7-740QM8 GB DDR3NVIDIA GeForce 330GT
Computer type
Laptop
Computer Manufacturer/Model Number
Toshiba Sattelite A665-S6092
OS
Windows 7 Ultimate x64
CPU
Intel Core i7-740QM
Memory
8 GB DDR3
Graphics Card(s)
NVIDIA GeForce 330GT
Screen Resolution
1366x768
Hard Drives
Samsung 840 SSD 500GB
1TB USB3 external HD
Cooling
Coolermaster Notepal U3 notebook cooling pad
Internet Speed
3mbps ASDL
Antivirus
ClamWin 0.98.7
Browser
Opera 12.17 x86 (main), Firefox 38 (sec), IE11 (last resort)
Siw2, f22 simpilot, megahertz07, IHturbo and alejandro85 thank you all so much! You all absolutely have no idea how much you all have helped! Helped would be a big understatement really. I can finally live again!! You know what the funny thing is? The hard drive just so happens to be a Seagate hard drive haha, well what do you know huh? Alejandro85, when I say “store” I mean wal-mart, so there is a really good chance it went back to Seagate for sanitization. And as you said f22simpilot, my lesson is learned! I will be much more mindful of this stuff next time. Thank you all again, seriously!
 

My Computer My Computer

At a glance

64
Computer type
Laptop
Computer Manufacturer/Model Number
Hp pavillion dv6 laptop(stock)
OS
64
Back
Top