Unwiped Drives and Servers from NCIX Retailer for Sale on Craigslist
NCIX was an online computer hardware and software retailer based in Richmond, British Columbia, Canada, founded in 1996 by Steve Wu. It had retail outlets in Vancouver, Burnaby, Coquitlam, Richmond and Langley, British Columbia, as well as in Markham, Mississauga, Scarborough and Ottawa, Ontario. At one point, NCIX had three shipping facilities: one in Richmond, British Columbia, another in Markham, Ontario, and one in Industry, California. By July 17, 2017, NCIX had closed the Mississauga, Toronto, and Ottawa retail locations. NCIX declared bankruptcy with the Supreme Court of British Columbia on December 1, 2017 and is no longer processing orders.
Servers and storage disks filled with millions of unencrypted confidential records of employees, customers and business partners of computer retailer NCIX turned up for sale via a Craigslist advertisement.
Up until December 1, 2017, when it filed for bankruptcy, NCIX was a privately-held company in Canada in the business of selling computer hardware and software.
NCIX abandoned company computers in a warehouse
Security consultant Travis Doering of Privacy Fly decided to respond to a Craigslist listing that offered two NCIX database servers for CAD 1,500, but he later found that the seller, identified as Jeff, actually had “NCIX’s entire server farm from the east coast.”
The retailer’s merchandise was auctioned earlier this year, but NCIX abandoned its corporate computers in a warehouse in Richmond, British Columbia, when it couldn’t pay CAD 150,000 in rent.
Jeff told Doering that he was a former systems administrator for a Richmond-based telecommunications company and was helping NCIX’s former landlord recover some of the money.
Many people erroneously believe that the Jeff selling the NCIX databases is the company’s CEO, Jeff Chiang. In a reply on Reddit, Doering clearly says that the person he met most likely used an alias and was definitely not Jeff Chiang.
Server equipment and 109 unwiped disk drives
At least one data collection covers 15 years of orders in multiple database backup versions, Doering says.
One he’s analyzed includes 3,848,000 order details between 2007 and 2010, with names, company names, items purchased and their serial numbers, addresses, phone numbers, and payment data. In an updated version he found corresponding email addresses.
In his examination of the storage drives as a potential buyer, Doering saw customer service inquiries containing full payment card details in plain text belonging to 258,000 users in the United States and Canada.
Additional entries in the database included 385,000 names, serial numbers with dates of purchase, addresses, company names, email addresses, phone numbers, IP addresses, and unsalted MD5 hashed passwords, which are easy to crack with today’s computer equipment.
Jeff told Doering that he was in possession of about 300 desktop computers from NCIX corporate offices and retail stores, as well as 18 Dell PowerEdge servers and two SuperMicro servers with StarWind iSCSI software for backup purposes. Together, they included 109 storage units with unwiped data.
One backup image, belonging to former NCIX owner Steve Wu, had data going back 13 years, with financial documents, employment letters containing social insurance numbers, and personal data from Wu’s personal computer.
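The unsalted MD5 password hashes mentioned above are a storage weakness that a site operator can find and retire before a database ever leaves its control. The following is an added example, not code from NCIX or from Doering's analysis: it audits a credential table for bare MD5 digests and upgrades each entry to a salted, slow hash at the user's next successful login. The record layout, the `pbkdf2$salt$hash` storage format, the function names and the iteration count are assumptions made for illustration, and the sample data is constructed.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

LEGACY_MD5 = re.compile(r"^[0-9a-f]{32}$")   # bare 32-hex digest, no salt field
ITERATIONS = 600_000                          # assumed PBKDF2-HMAC-SHA256 work factor

def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()

def sample_records():
    # Constructed sample data: user -> stored credential (not from the NCIX data).
    return {"alice": md5_hex("Summer2010"),
            "bob": md5_hex("Summer2010"),
            "carol": md5_hex("x9!fQ-long-unique")}

def audit(records):
    """Return (users still on unsalted MD5, groups of users sharing one digest)."""
    legacy = sorted(u for u, h in records.items() if LEGACY_MD5.match(h))
    groups = defaultdict(list)
    for user in legacy:
        groups[records[user]].append(user)
    # Without a salt, equal passwords give equal digests, so reuse is visible
    # to anyone holding the table and one precomputed lookup fits every row.
    shared = sorted(g for g in groups.values() if len(g) > 1)
    return legacy, shared

def slow_hash(password, salt=None):
    salt = salt or os.urandom(16)             # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${salt.hex()}${dk.hex()}"

def verify_and_upgrade(records, user, password):
    """Check a login; replace a legacy MD5 entry with a salted hash on success."""
    stored = records[user]
    if LEGACY_MD5.match(stored):
        ok = hmac.compare_digest(stored, md5_hex(password))
        if ok:
            records[user] = slow_hash(password)
        return ok
    _, salt_hex, _ = stored.split("$")
    return hmac.compare_digest(stored, slow_hash(password, bytes.fromhex(salt_hex)))

if __name__ == "__main__":
    recs = sample_records()
    print(audit(recs))                        # before any login
    verify_and_upgrade(recs, "alice", "Summer2010")
    print(audit(recs))                        # alice no longer on MD5
```

Accounts that never log in again keep their MD5 digest under this scheme, so the audit result doubles as the list of entries to expire or force-reset.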