Dumpster-Diving Attack
A dumpster-diving attack is an attack in which a malicious actor collects sensitive data that has been disposed of, commonly in the form of discarded storage devices. The target of this type of attack can be a large business or an individual.
How it works
Due to how most storage devices work, files that are deleted by the user are not immediately deleted; instead, they are marked as available to be overwritten.[1] This allows deleted files on disposed storage devices to be recovered using data recovery tools.
This attack is not limited to storage devices; paper records can also be used to extract sensitive information.
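The storage-device behaviour described above can be seen in a small model. This is an added example, not part of the original article: `ToyDisk`, `residue_blocks` and the sample record are constructed for illustration and do not represent any real filesystem. It shows that an ordinary delete leaves the bytes in place, while overwriting every block before disposal leaves nothing behind.

```python
BLOCK = 16  # bytes per block in this toy model

class ToyDisk:
    """Constructed model: raw blocks plus a file table. Not a real filesystem."""
    def __init__(self, blocks=8):
        self.data = bytearray(BLOCK * blocks)
        self.table = {}                  # file name -> list of block numbers
        self.free = list(range(blocks))  # blocks available for new writes

    def write(self, name, content):
        chunks = [content[i:i + BLOCK] for i in range(0, len(content), BLOCK)]
        if len(chunks) > len(self.free):
            raise OSError("disk full")
        used = [self.free.pop(0) for _ in chunks]
        for n, chunk in zip(used, chunks):
            self.data[n * BLOCK:n * BLOCK + len(chunk)] = chunk
        self.table[name] = used

    def delete(self, name):
        # Ordinary delete: drop the table entry and mark the blocks reusable.
        # The bytes themselves are left untouched.
        self.free.extend(self.table.pop(name))

    def sanitize(self):
        # Pre-disposal wipe: overwrite every block, allocated or not.
        self.data[:] = bytes(len(self.data))
        self.table.clear()
        self.free = list(range(len(self.data) // BLOCK))

def residue_blocks(disk):
    """Blocks that belong to no file but still hold non-zero bytes."""
    owned = {n for blocks in disk.table.values() for n in blocks}
    total = len(disk.data) // BLOCK
    return [n for n in range(total)
            if n not in owned and any(disk.data[n * BLOCK:(n + 1) * BLOCK])]

def demo():
    disk = ToyDisk()
    disk.write("customers.csv", b"name,phone\nA. Person,555-0100")  # constructed record
    disk.delete("customers.csv")
    after_delete = residue_blocks(disk)              # data survives the delete
    still_readable = b"A. Person" in bytes(disk.data)
    disk.sanitize()
    return after_delete, still_readable, residue_blocks(disk)

if __name__ == "__main__":
    print(demo())
```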
Why it is a problem
Malicious actors can use this technique to recover the sensitive data of individuals and companies alike. They can then use this data in numerous ways, including selling it to data brokers, performing fraud, etc. Often, the sensitive data gained from companies is the personal information of their consumers.
In an attempt to protect against this, many companies shred their storage devices when they are done with them. The problem with this is that it generates a large amount of waste. Additionally, a skilled actor could still recover the data from a shredded storage device.[2]