by likecarter 1274 days ago
Stealing disks does happen, especially on-premise, which is where these policies originated.

Also, sometimes there are mistakes with decommissioning old drives, and you wouldn’t want your data discovered in a landfill somewhere.


I once bought a "new" hard drive off Amazon. The connectors looked suspiciously scratched up, like it had been used before.

When I dug deeper, they had wiped the SMART data and the partition table, but it was absolutely full of readable data. I found clear text server logs indicating that this drive was in a Backblaze center for several thousand hours.

Did you report that to Backblaze? I would think a bug bounty would be paid on something like that.
I'd worry they would sue for hacking to cover it up; dumber things have happened to nice developers who report vulnerabilities.
Disclaimer: I work at Backblaze, and I was here first.

> I'd worry they would sue for...

If you are referring to Backblaze, we're not going to "sue" anybody for anything.

We (Backblaze) have dealt with a bunch of frivolous lawsuits (and patent trolls) over the years suing us, and OMG we're not going to instigate any lawsuits over some honest person legitimately reporting some issue and being helpful. It isn't going to happen.

Our reputation is important to us. Not just for Backblaze: I'm saying the individuals that founded Backblaze and those people that work here now base our entire existence and careers and the number one marketing efforts at Backblaze are based around we are trying to be "the good guys" and transparent and acting like it. There is no possible world where we try to suppress a screwup like this through legal means. That would be a PR debacle of epic proportions.

If something went wrong, let's shine a spotlight on that cockroach and figure it out together. I'm not sure the exact drive we are all talking about, but my first guess would be a customer ordered a $189 "USB Restore" (all their data shipped to them on an encrypted drive) and we (Backblaze) shipped the customer a USB restore drive and they are subsequently selling it (after copying their restore off of it) on the open market. If it is above 8 TBytes this is absolutely *NOT* the case and we should get to the bottom of it. Without lawyers mucking up the situation.

Most likely a subcontractor somewhere promised they would shred the drive, then didn’t. Do tell them!
Absolutely do not tell them. This is a can of worms you really do not want to open. You will not be met with a welcoming response. It's sad, but that is the state of affairs.
What can of worms exactly is opened with a ‘Hey I bought this drive on eBay that seems to have your info on it - want it back?’

What plausible damage have you done that they could sue you over? If all you want is your cost or the like, I can’t imagine that is a crime either.

If someone has a lot to lose, I guess sending a letter through a law office would be a sane option, but Backblaze doesn’t strike me as the shoot-first-ask-questions-in-the-deposition type of company anyway.

I'd tell them anonymously. Register a new protonmail account and email support at Backblaze with some incriminating evidence that you're actually in possession of what you claim, and then offer to mail the drive back to them.
How could they sue if you legitimately purchased one of their discarded drives? When you bought it whatever was on it became yours and I doubt their CEO would like their data floating around like that unless it's considered useless.
First they'd cast aspersions on the drive being "legitimately" purchased, then they'd float that you're an evil criminal, in violation of the CFAA and wire fraud acts, and for receiving stolen property.

If the government is out to get you, they'll try and find something to come after you for. Just ask Josh Renaud.

https://www.theregister.com/AMP/2022/02/15/missouri_html_hac...

Backblaze is not the government. I mean if you're paranoid about it you could submit a bug bounty with a temporary email address and gauge the response. If I were Backblaze I would like to know about this and would be willing to at least send you a pair of new replacement drives to get that one back, assuming this kind of disposal is not their SOP. It's possible they ran this drive through their vetting process and it didn't meet their spec so they sold it off. The logs might just be from that testing/vetting and any data even on real production Backblaze drives I would assume is so striped-out that a single disk would not have anything of recoverable value.
The author is talking specifically about AWS. The odds that there is a mistake decommissioning the disk that leaves the data intact, times that somebody salvaged it from a landfill, times that they care about your data is basically zero. Which means a logical person should worry about everything else.
What are the odds that someone arranges for all those things to happen though? When you try to go after them they will have plausible deniability.
Disk management and destruction is largely automated. That’s extraordinarily unlikely.
That’s an interesting attack vector. Bribe someone to replace the disk without wiping it, and be in a position to intercept it after that.
This would require you or the person in the data center to know which customer is using which disk. And data isn't stored on just one disk, it's spread out over multiple disks and many customers have shards of data stored on the same disk. So even if this did happen, they would only get fragments of data.
You forgot to multiply by the millions of disks they presumably go through every year.
You don’t though. Your risk calculation is the same.
They don't go into a landfill unless they're broken. Old drives that someone could still get the data off of end up on eBay.
Google has very tight physical security (metal detectors, etc) and disks are either confirmed erased or shredded

I assume AWS is similar

Google mostly runs their own data centers. Amazon mostly rents space in commercial data centers with lots of different companies. AWS is probably pretty secure but likely less physically secure compared to Google if you get into the nitty gritty details.
This is false. AWS builds and operates their own data centers. The design and architecture of their data centers are highly standardized and an enormous amount of the build is fully automated. When they do lease they lease just a basic power and fiber build and they build their data center on top of the base. Given how much custom equipment they run at the data center level it would be impractical to do anything that was collocated. But most data centers for AWS, especially in Virginia, are on Amazon owned land. As far as I am aware the only collocations are in the satellite zones, outposts, and in peering locations.

https://www.datacenterknowledge.com/archives/2017/01/18/who-...