First of all, you should know that many companies with professional servers and equipment periodically renew their systems. This is important to improve performance and efficiency, as well as to use new technologies.
It is not normal, but a part of these components can be acquired by the workers. After an inspection, to verify that there is no confidential data, they are delivered at work. He has freedom of decision, being able to sell it online if he considers it so and keeping the benefit.
A magic trick with SSD involved
The first thing is in November 2022in an inventory review, the German company SAP I detect that 4 SSD drives were missing. These units disappeared from the company’s Data Center in Baden-Württemberg. Being a very small amount, it could have been an error in counting the units.
But the German company has been surprised by the find lost SSDs on eBay. How do they know it’s your hard drives? Well, these have different designs than commercial models and unique serial numbers that are always registered.
Maybe you think they were stolen by a worker, well nothing could be further from the truth. It turns out that actually a worker bought the four SSD drives for the enormous number of 0 euro. Yes, I’ll get them for free.
Theoretically these units should have passed a security inspection before leaving the company to verify that they did not contain anything. But it was not like that and these units they kept records of more than 100 SAP workers.
The sale price is irrelevant in this case, what is important is the brutal security risk implying. Inside were worker records, but it could have contained source code for their software and could be used to create targeted attacks.
Undoubtedly, a multinational company of this type, with the sensitive information it handles, for this to happen is traca. But, as in any good story, there is a final little twist, a punchline.
It turns out that not the first incident Of this type, come on, more hard drives with information have already left the company. The most amazing thing of all is that there Happened a total of 5 times in the last two years. It shows a rather alarming lack of security and control.
Sale on eBay of hardware from Data Centers
Even if you think this is unusual, it really is something very normal. When a renovation is done, workers can purchase some of the material and do whatever you want with it. The only condition is that it has been cleaned with a low-level wipe. (hhcdropshipping.com)
Low-level erase means that on an SSD, HDD, or RAM, all bits have been cleared. This prevents any kind of data recovery process.
If you go to eBay, you’ll see HPE Proliant servers or 10,000 RPM SAS hard drives with no issues. They all come from renovation plans and have gone through “cleaning” processes. I myself in the past have bought a couple of SAS HDDs from Data Centers and they contained absolutely nothing.
What has happened with SAP is totally abnormal and represents a brutal security breach.
