Yikes: Corporate Routers Are Being Resold Before Sensitive Data Is Wiped
It’s important for individuals to properly erase hard drives before reselling them, but companies need to remember to wipe network routers too.
A disturbing number of companies and organizations are failing to delete the data on their core routers before reselling them, according to ESET. The antivirus provider uncovered the problem after buying 18 routers from the resale market, and finding complete configuration data still on board half of them.
The leftover data “contained a treasure trove of sensitive data, including corporate credentials, VPN details, cryptographic keys, and more,” the company said(Opens in a new window). “In the wrong hands, this data is enough to jump-start a cyberattack that could lead to a data breach, placing the company, its partners and customers at risk,” ESET added.
The leftover data was also enough for the antivirus provider to identify who originally owned the core routers, which included a major Silicon Valley software developer, a data center provider, and a nationwide law firm.
“Such a profusion and array of victims suggests that many organizations—including some that really should know how best to handle such tasks—do not have reliable decommissioning processes in place,” ESET added.
ESET didn’t say where it bought the routers, but according to the report(Opens in a new window), the resold products covered three brands—Cisco, Fortinet, and Juniper Systems—and ranged in prices from $50 to $150, thanks to being a generation old.
Five of the purchased routers were properly wiped; the other four were either “hardened” with security safeguards, broken, or part of a pair. Meanwhile, the remaining nine still contained leftover data that could be accessed using standard operating
Read more on pcmag.com
