Salvation Army: leaking data and giving people crabs

The trouble with buying stuff used is that you never know what the last person who had owned the thing was up to. Sometimes you win out and the preowned factor works in your favor – like when we bought our “preowned” Wii the other week.

But on the other hand, sometimes you lose out big time – like when my neighbor back in NJ got the crabs (ewwww) from a pair of pants he bought at a thrift store. That’s no good… Seems to me like probably the least fun way to get crabs is the “used pants” route.

But then there’s this, which is a whole different category of pre-owned crazy. Turns out that this fellow (a kiwi) bought an MP3 player from a thrift store, and it turned out that it had all kinds of military data on the thing – personal data on soldiers, troop and equipment deployment information, and generally all kinds of crazy stuff. Not bad for 9 bucks.

Of course, this kind of thing happens all the time. For example, in college I bought a used Compaq “portable” (think laptop but in the form factor of a 25 pound suitcase) from my father’s work. At the time, he happened to work for a government agency (unfortunately not one of the cool ones) and of course there was all kinds of crazy data on the thing that you wouldn’t want the average citizenry to have.

But what’s interesting to me is not so much that this MP3 player is “da bomb” from a data leakage perspective, but moreso that the data was missing since 2005 and nobody knew it was out there. The scary part, in my opinion, is that the data had a good four years of floating around in the ether before anybody realized it was missing.

Scary.