May 8, 2012 at 7:49 AM ET
So you have a cell phone or laptop you don't want anymore. Will you sell it, recycle it or give it away?
Maybe you should destroy it, so it doesn’t spill your secrets.
Most smart devices are designed to save your personal information. You may think you've erased everything, but it could still be loaded with data – the sort of stuff an identity thief can use to target you. It's a hidden security risk most people don’t know about.
"I was surprised that I found people's entire digital lives,” says Robert Siciliano, an identity theft expert who consults for McAfee, the digital security company.
Like many of us, Siciliano used to sell his old digital devices when he upgraded to new ones. Not anymore.
Here's why. Siciliano did a little experiment. He went online and bought a bunch of digital devices: iPhones, iPods, laptops, desktops, netbooks and notebooks. He wanted to see what type of information he could find on them.
Of the 30 devices he bought, Siciliano was able to retrieve data from more than half of them. And here’s the really scary part. In most cases, he says, sellers thought they had purged the data. But for someone who knows computers, it wasn’t hard to retrieve the information.
“I found just about anything you can imagine someone would have in a digital format,” he tells me. “I found family photos, personal documents, court documents, child support documents, user names and passwords, Social Security numbers and birthdates. I found employee records and tax documents. I also found a lot of pornography.”
Siciliano says equipment manufacturers and software developers need to do a better job so people can effectively erase and delete the data stored on their devices.
“A problem with a lot of the digital devices we have today is that when you reset the operating system, when you reinstall or reformat, it often doesn't do the job it says it does,” Siciliano says. “So you're leaving a lot of bread crumbs that can be all spliced back together, which allows a bad guy to basically steal your identity.”
Based on his experiment, Siciliano says BlackBerries are the best at completely scrubbing deleted data.
Apple products also do a good job. Devices that run on Google’s Android operating system, he says, are the worst. Even when users did a factory reset, Siciliano still could find a tremendous amount of data. He also found that it was hard to completely scrub devices that run on Microsoft’s Windows XP.
Asked to comment on Siciliano's findings, Microsoft said newer versions of its operating systems have considerable security and privacy improvements. Google did not respond.
(Msnbc.com is a joint venture of Microsoft and NBC Universal.)
Siciliano tells me what he found scared him so much that he will never again sell an unwanted digital device that has storage capability.
"I will take it and put it in a vice and I will drill holes through it. I will smash it with a sledgehammer. Or I'll put it in a bucket of salt water for a year,” he says. “But you're not going to see me selling it.”
One more important finding from this study: Many of the used smartphones and computers Siciliano bought were infected with viruses and other malicious software. If he had used them, his personal information could have been compromised. That’s something to think about before you buy someone else's digital device. The money you save may not be worth the risk.