Researchers at German cyber security firm G Data recently bought an old laptop at eBay and found classified German military documents stored on it.
According to the researchers, the laptop was used by the Bundeswehr (the unified armed forces of Germany), but they neglected to remove the laptop's hard drive or thoroughly delete its data before selling the machine on eBay.
The researchers paid just €90 for the bulky Amrel Rocky II + RT 686 military laptop, which appeared to be manufactured in 2000.
The classified files related to the German military's LeFlaSys Ozelot air defence system
While the files on the system were password protected, the researchers said they were able to unlock them simply by entering "guest" as the username and password.
After going through the files stored on the system, they realised that the classified files related to the German military's LeFlaSys Ozelot air defence system. This mobile defence system is still in use by the German military.
Many files contained step-by-step instructions on how to operate the Ozelot system, while others explained how to destroy the entire Ozelot system to prevent its use by enemy forces.
The files were marked "VS-Nur für den Dienstgebrauch" meaning they were the lowest level of secret classification.
Tim Berghoff, the G Data researcher who unlocked the laptop, told DW that the system weighed five kilograms and was designed for field use.
"It was easy to access the information. The Windows login required no password. The login for the program that contained the documentation of the weapons system was protected with a very easy-to-guess password."
A spokesman for the German Defence Ministry told Der Spiegel, the German news magazine who first reported the case, that the old computers used for LeFlaSys system were decommissioned by the German military many years ago.
All those systems were sent to a recycling firm, which was told to erase all data on those systems or render existing storage media unusable.
"It can be assumed that an error occurred during the recycling of the computer in question," the spokesman said.
The spokesman further stated that this particular issue was not really problematic, and that "computers do not contain any information that would allow a third party to gain critical knowledge".
Eighty-five per cent of Microsoft Exchange Servers vulnerable to remote-code execution security flaw patched last month
Organisations warned to patch protect against CVE-2020-0688 as state-backed APTs start targeting vulnerable Exchange Servers
Malwarebytes claims Pakistan state-sponsored group is using a fake Indian government advisory to spread remote-access Trojan
Yet another Intel CPU security flaw affects both Core series and Xeon processors
Royal BAM Group CISO Ian Hill examines the many different IT security threats posed by the COVID-19 coronavirus outbreak
The Intel chip security flaw could enable an attacker to steal sensitive data from targeted systems - but mitigating it could slow systems to a crawl