First of all, you should know that many companies with professional servers and equipment periodically renew their systems. This is important for improving performance and efficiency, as well as for using new technologies.
This is not normal, but some of these components can be acquired by workers. After an inspection, to verify that there is no confidential data, they are put back to work. He has freedom of decision, being able to sell it online if he sees fit and keeping the profit.
A magic trick with SSD involved
The first thing is in November 2022in an inventory review, the German company SAP I detect that 4 SSD drives were missing.
But the German company was surprised by the find lost SSDs on eBay. How do they know these are your hard drives? Well, these have different designs than commercial models and unique serial numbers that are always recorded.
Maybe you think they were stolen by a worker, well nothing could be further from the truth. It turns out that in fact a worker bought the four SSDs for the huge number of 0 euro. Yes, I will get them for free.
Theoretically, these units should have passed a safety inspection before leaving the company to verify that they did not contain anything. But it wasn’t like that and these units they kept records of over 100 SAP workers.
The selling price does not matter in this case, what matters is brutal security risk
Without a doubt, a multinational of this type, with the sensitive information it manages, for this to happen is a hassle. But, as in any good story, there is a last little twist, a punchline.
Actually not the first incident Of this type, come on, more hard drives with information have already left the company. The amazing thing is that there are It’s happened 5 times in total in the past two years. This shows a rather alarming lack of security and control.
Selling data center equipment on eBay
Even if you think it’s unusual, it’s really something very normal. When a renovation is complete, workers can acquire some of the materials and do whatever you want with them. The only condition is that it has been cleaned with a low level wipe.
Low-level erasure means that on an SSD, HDD, or RAM, all bits have been erased. This prevents any type of data recovery process.
If you go to eBay, you’ll see HPE Proliant servers or 10,000 RPM SAS hard drives with no issues. They are all from renovation plans and have gone through “cleaning” processes. In the past, I bought a few SAS hard drives myself from data centers and they contained absolutely nothing.
What happened with SAP is totally abnormal and represents a brutal security breach.