- cross-posted to:
- cybersecurity@sh.itjust.works
- cross-posted to:
- cybersecurity@sh.itjust.works
…deleting records could cause big problems. Referential integrity across database tables simply wouldn’t allow it… it would cause a resonance cascade.
So, to get around the problem, a lot of places simply “overwrite” records when they are deleting them. They replace certain fields with garbage so the structure of the data remains, but the human elements are no longer present. At the heart of those “certain fields” are email addresses, the most widely used identifiers on all the web. And that, dear reader, is how we got to this cursed discovery.
I saw a discussion on the internet where someone mentioned that they deleted users in their app by overwriting their email addresses with
$somethingRandom.com. Mmm, I thought - I wonder how common of a thought process that is? I bet whoever ownsdeleteduser.comgets loads of emails!I decided to check it out, but to my genuine surprise - no one owned
deleteduser.com, so now I do.Source [web-archive]
This is a common practice in databases, you just mark record as deleted and make data unidentifiable.
Idk man in our databases delete is literally an SQL delete most of the time (or becomes that at some point). Though I guess we’re not the data-hoarder type company…
We aren’t the data hoarder type either and doing this would break half the functionality. It’s old systems not built with data deletion in mind that rely on there for example always being a customer associated with a transaction. That customer might not have anything other than an ID anymore, but it needs the ID. And you’re usually not legally allowed to just delete financial transactions.