RE: infosec.exchange/@SecureOwl/11…

Been getting some pretty intense looks when telling people that just because a company *claims* to have deleted your data, it doesn’t mean that it’s *actually deleted*.
#infosec


I was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails I'd get if I registered it, assuming many orgs' 'delete' logic probably just overwrote the email address with blahblah@deleteduser.com or similar.

The answer is at least 3 different orgs in the hour that I've owned that domain and been listening for email.

And yes, all of those emails contain the actual PII of the person who has been 'deleted' :-D

#infosec
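
A defender-side check for the pattern described in the post, added here as an example and not code from the post or its author: it audits rows marked deleted for placeholder addresses at domains a third party could register, and for PII left behind. The column names (`deleted`, `email`, `full_name`, `phone`, `address`) are hypothetical and the sample rows are constructed.

```python
"""Audit 'deleted' accounts whose email was overwritten with a placeholder."""

# Names reserved by RFC 2606 / RFC 6761: nobody can register them, so mail
# addressed there can never reach a third party.
RESERVED_TLDS = {"invalid", "test", "example", "localhost"}
RESERVED_DOMAINS = {"example.com", "example.net", "example.org"}

PII_FIELDS = ("full_name", "phone", "address")  # hypothetical column names


def domain_is_reserved(domain):
    """True if the domain can never be registered by an outside party."""
    domain = domain.lower().rstrip(".")
    if domain.rsplit(".", 1)[-1] in RESERVED_TLDS:
        return True
    return any(domain == d or domain.endswith("." + d) for d in RESERVED_DOMAINS)


def audit_deleted_users(rows):
    """Return (user_id, problem) findings for rows marked deleted."""
    findings = []
    for row in rows:
        if not row.get("deleted"):
            continue
        email = row.get("email") or ""
        if email:
            domain = email.rpartition("@")[2]
            if not domain_is_reserved(domain):
                findings.append((row["id"], f"placeholder domain is registrable: {domain}"))
        leftover = [f for f in PII_FIELDS if row.get(f)]
        if leftover:
            findings.append((row["id"], "PII retained: " + ", ".join(leftover)))
    return findings


# Constructed sample rows, not data from the post.
SAMPLE_ROWS = [
    {"id": 1, "deleted": True, "email": "blahblah@deleteduser.com", "full_name": "Sample Person", "phone": "", "address": ""},
    {"id": 2, "deleted": True, "email": "u2@deleted.invalid", "full_name": "", "phone": "", "address": ""},
    {"id": 3, "deleted": True, "email": None, "full_name": None, "phone": None, "address": None},
    {"id": 4, "deleted": False, "email": "active@customer-mail.example", "full_name": "Active User", "phone": "", "address": ""},
]

if __name__ == "__main__":
    for user_id, problem in audit_deleted_users(SAMPLE_ROWS):
        print(user_id, problem)
```

Row 3 is the only one that passes on both counts: the email is cleared rather than rewritten, and no PII fields remain to be included in later mail.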