Ebay Dangers : VPN Hardware Lands Kirklees Council In Big Trouble

Ebay has always been a treasure trove if you wanted to find random data from companies or even public organisations; Andrew Mason, a security specialist, bought a Cisco VPN 3002 Concentrator on Ebay for £0.99 but when he switched it on, he found out he got more than he bargained for.

The device automatically connected him to Kirklees Council central servers, in West Yorkshire, since the the login details hadn't been erased from the VPN hardware prior to the sale and still had the IP address owned by Cap Gemeni in its ROM storage.

A spokesperson for the council told the BBC that "[it] is deeply concerned with this report but is confident that multiple layers of security have prevented access to systems and data. In the meantime the disposal process has been suspended until an investigation can be carried out and appropriate action taken."

Staff usually use VPN (Virtual Private Network) to access their organisation's secure network remotely and these have become even more popular as remote working became more popular.

Any knowledgeable criminal could possibly make a killing from VPN devices on sale on Ebay especially since VPN is a preferred option for many large companies.

At the time of writing, there were 112 "VPN" related results on Ebay, many of which are similar routers/devices to the Cisco one.

Only last month, a Snap! Network attached storage (NAS) purchased on Ebay for only £35 was found to house details of more than one million bank and credit card customers and earlier this year, a CDROM containing data from the Home Office was found inside a laptop purchased on Ebay.