Unwiped Drives and Servers from NCIX Retailer for Sale on Craigslist

Unwiped Drives and Servers from NCIX Retailer for Sale on Craigslist

NCIX was an online computer hardware and software retailer based in Richmond, British Columbia, Canada, founded in 1996 by Steve Wu. It had retail outlets in Vancouver, Burnaby, Coquitlam, Richmond and Langley, British Columbia, as well as Markham, Mississauga, Scarborough, Ontario and Ottawa, Ontario. At one point, NCIX had 3 shipping facilities, one in Richmond, British Columbia, another in Markham, Ontario, and one in Industry, California. By July 17, 2017, NCIX had closed the Mississauga, Toronto, and Ottawa retail locations. NCIX declared bankruptcy with the Supreme Court of British Columbia on December 1, 2017 and is no longer processing orders.

Servers and storage disks filled with millions of unencrypted confidential records of employees, customers and business partners of computer retailer NCIX turned up for sale via a Craigslist advertisement.

Up until December 1, 2017, when it filed for bankruptcy, NCIX was a privately-held company in Canada in the business of selling computer hardware and software.

 

 

 

NCIX

 

 

NCIX abandoned company computers in a warehouse

 

Security consultant Travis Doering of Privacy Fly decided to act on a selling offer on Craigslist that promised two NCIX database servers for CAD 1,500, but he later found that the seller, identified as Jeff, actually had “NCIX’s entire server farm from the east coast.”

The retailer’s merchandise was auctioned earlier this year, but corporate computers were abandoned by NCIX in a warehouse in Richmond, British Columbia, when they couldn’t pay CAD150,000 in rent.

Jeff told Doering that he was a former systems administrator for a Richmond-based telecommunications company and was helping the NCIX former landlord recover some of the money.

Many people erroneously believe that the Jeff selling the NCIX databases is the company’s CEO Jeff Chiang. In a reply on Reddit, Doering clearly says that the person he met most likely used an alias and he was definitely not Jeff Chiang.

 

 

Security

 

 

Server equipment and 109 unwiped disk drives

 

At least one data collection covers 15 years of orders in multiple database backup versions, Doering says.

One he’s analyzed includes 3,848,000 order details between 2007 and 2010, with names, company names, items purchased and their serial numbers, addresses, phone numbers, and payment data. In an updated version he found corresponding email addresses.

In his examination of the storage drives as a potential buyer, Doering saw customer service inquiries containing full payment card details in plain text belonging to 258,000 users in the United States and Canada.

Additional entries in the database included 385,000 names, serial numbers with dates of purchase, addresses, company names, email addresses, phone numbers, IP addresses, and unsalted MD5 hashed passwords, which are easy to crack with today’s computer equipment.

Jeff told Doering that he was in possession of about 300 desktop computers from NCIX corporate offices and retail stores, as well as 18 DELL PowerEdge servers, two SuperMicro servers with StarWind iSCSI software for back purposes. All included 109 storage units with unwiped data.

One backup image belonging to NCIX former owner Steve Wu, had data going back 13 years, with financial documents, employment letters containing social insurance numbers, and personal data from Wu’s personal computer.

 

 

unwiped disk drives

 

 

 

 

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Computer Forensic Training in Kolkata

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Internet Of Things Training

Data Analysis

Internet Of Things Training Hyderabad

Internet Of Things Training in Bhubaneswar

Internet Of Things Training in Bangalore

Embedded System Training

Digital Marketing Training

Machine Learning Training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Web Penetration Testing Company in Bangalore

Network Penetration Testing – NPT

Network Penetration Testing Service in Bangalore

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad

 

 


Show Buttons
Hide Buttons