Skip to main content

Best Buy doesn’t always wipe returned devices, so delete those ‘artful nudes’

best buy return data resale tvs
Image used with permission by copyright holder
Update 08/06/2015: Best Buy reached out to us with the following statement.

“We have detailed procedures in place to wipe client information from the devices that are returned to our stores. Our stores wipe thousands of devices and return them to factory settings each year. If that doesn’t happen, it runs counter to our company values and how we expect to handle customer data.”

Unfortunately, the statement does not say anything that wasn’t already known. Best Buy of course has a data wiping policy — but obviously, it was not followed in this case.

Original text: If you return an item to a store for being faulty, it might not be possible for you to zero the internal storage, or format whatever drive it has, to delete any of your personal data, so you would assume that the store would do that for you; if it is planning to resale it at least. Apparently that isn’t happening in all cases with Best Buy, though, as yet another instance has cropped up of it leaving customer data on a device that it resold to someone else.

In this particular incident, Best Buy customer Michael Urban treated himself to an Apple TV from the pre-owned hardware section, only to find that when he turned it on, it was still logged into the previous owner’s accounts. Although obviously a good hearted enough individual to bring this to the world’s attention, Urban could have taken advantage of the previous owner’s iTunes, Netflix, Hulu and HBO Now accounts.

“Although one could say the original owner should have known better and reset the unit before returning it, many/most people are probably clueless in this area,” Urban said to Ars. “So if the retailer accepts the return and resells the item, it’s their responsibility to return it to factory defaults. Although I’d like to believe it’s not true, I suspect they completely ignore this in many cases.”

As has been pointed out, this is far from the first time Best Buy has been found lacking in its resale privacy department. In one case a computer was sold to a new customer without any data wiped from its drive, allowing the new owner to login as the old without issue. Other stories gleamed from complaint forums suggest these are not isolated incidents.

Have you ever purchased second hand hardware, only to find the old owner’s details still on the device?

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more