When Vancouver tech retailer NCIX went bankrupt, it stopped paying its bills, including the bills for the storage where its servers were being kept; that led to the servers being auctioned off without being wiped first, containing sensitive data -- addresses, phone numbers, credit card numbers, passwords, etc -- for thousands of customers. Also on the servers: tax and payroll information for the company's employees.
In August, security researcher Travis Doering of Privacy Fly found NCIX servers being sold off on Craigslist; the seller, described as "an Asian man from Richmond" who called himself "Jeff," said he bought many NCIX servers and computers, as well as hundreds of hard-drives with sensitive company data on them. Doering verified that Jeff's servers held hundreds of thousands of credit-card numbers and millions of customer orders, as well as a backup image of the personal computer of NCIX founder Steve Wu.
Jeff told Doering that he had already sold copies of some of NCIX's internal data to another customer, and offered to let Doering buy the right to copy the hard-drives on NCIX's systems, rather than the systems themselves.
NCIX appears not to have encrypted any of its systems.
Read the restThe examination portion of the meeting began to wind-down as time flew by and Jeff jumped into brokering a deal over a cup of tea. The first offer was thirty-five thousand dollars which would allow me to purchase all the desktop's and server hardware, excluding one group of hard drives that I had analyzed which he would allow me to copy.