Dumpster-Diving Attack: Difference between revisions

Latest revision as of 08:19, 15 August 2025

⚠️ Article status notice: This Article's Relevance Is Under Review

This article has been flagged for questionable relevance. Its connection to the systemic consumer protection issues outlined in the Mission statement and Moderator Guidelines isn't clear.

If you believe this notice has been placed in error, or once you have made the required improvements, please visit the #appeals channel on our Discord server: Join Here.

Notice: This Article's Relevance Is Under Review

To justify the relevance of this article:

Provide evidence demonstrating how the issue reflects broader consumer exploitation (e.g., systemic patterns, recurring incidents, or related company policies).
Link the problem to modern forms of consumer protection concerns, such as privacy violations, barriers to repair, or ownership rights.

If you believe this notice has been placed in error, or once you have made the required improvements, please visit the #appeals channel on our Discord server: Join Here.

A dumpster-diving attack is an attack where a malicious actor collects disposed-of sensitive data, commonly in the form of storage devices. The target of this type of attack can be a large business or an individual.

How it works[edit | edit source]

Due to how most storage devices work, files that are deleted by the user are not immediately deleted; instead, they are marked as available to be overwritten.^[1] This allows deleted files on disposed storage devices to be recovered using data recovery tools.

This attack is not limited to storage devices; paper records can also be used to extract sensitive information.

Why it is a problem[edit | edit source]

Malicious actors can use this technique to recover the sensitive data of both individuals and companies alike. They can then use this data in numerous ways, including selling to data brokers<nowiki>, performing fraud, etc. Often, the sensitive data gained from companies is the personal information of its consumers.

In an attempt to protect against this, many companies shred their storage devices when they are done with them. The problem with this is that it generates a high amount of waste. Additionally, a skilled actor could still recover the data from a shredded storage device.^[2]

Examples[edit | edit source]

References[edit | edit source]

↑ https://www.howtogeek.com/125521/htg-explains-why-deleted-files-can-be-recovered-and-how-you-can-prevent-it/
↑ McManus, Sean (5 June 2023). "Why millions of usable hard drives are being destroyed".

[1] ttps://www.howtogeek.com/125521/htg-explains-why-deleted-files-can-be-recovered-and-how-you-can-prevent-it/

[2] McManus, Sean (5 June 2023). "Why millions of usable hard drives are being destroyed".

[1]

[2]

Revision as of 02:56, 15 August 2025 edit Clipster (talk \| contribs) confirmed 60 edits →How it works Tags: Mobile edit Mobile web edit ← Older edit		Latest revision as of 08:19, 15 August 2025 edit undo Keith (talk \| contribs) Autoconfirmed users, Bureaucrats, Interface administrators, Push subscription managers, superadmin, Suppressors, Administrators 894 edits I'm not sure this article, at least in their current form, really relates to consumer protection? it seems much more like a general privacy/cybercrime issue
Line 1:		Line 1:
	{{~~StubNotice~~}}		{{Irrelevant}}

	A dumpster-diving attack is an attack where a malicious actor collects disposed-of sensitive data, commonly in the form of storage devices. The target of this type of attack can be a large business or an individual.		A dumpster-diving attack is an attack where a malicious actor collects disposed-of sensitive data, commonly in the form of storage devices. The target of this type of attack can be a large business or an individual.