
I'd worry they would sue for hacking to cover it up, dumber things have happened to nice developers who report vulnerabilities.


Disclaimer: I work at Backblaze, and I was here first.

> I'd worry they would sue for...

If you are referring to Backblaze, we're not going to "sue" anybody for anything.

We (Backblaze) have dealt with a bunch of frivolous lawsuits (and patent trolls) over the years suing us, and OMG we're not going to instigate any lawsuits over some honest person legitimately reporting some issue and being helpful. It isn't going to happen.

Our reputation is important to us. Not just for Backblaze: I'm saying the individuals that founded Backblaze and those people that work now here base our entire existence and careers and the number one marketing efforts at Backblaze are based around we are trying to be "the good guys" and transparent and acting like it. There is no possible world where we try to suppress a screwup like this through legal means. That would be a PR debacle of epic proportions.

If something went wrong, let's shine a spotlight on that cockroach and figure it out together. I'm not sure the exact drive we are all talking about, but my first guess would be a customer ordered a $189 "USB Restore" (all their data shipped to them on an encrypted drive) and we (Backblaze) shipped the customer a USB restore drive and they are subsequently selling it (after copying their restore off of it) on the open market. If it is above 8 TBytes this is absolutely *NOT* the case and we should get to the bottom of it. Without lawyers mucking up the situation.


Most likely a subcontractor somewhere promised they would shred the drive, then didn’t. Do tell them!


Absolutely do not tell them. This is a can of worms you really do not want to open. You will not be met with a welcoming response. It's sad, but that is the state of affairs.


What can of worms exactly is opened with a ‘Hey I bought this drive on eBay that seems to have your info on it - want it back?’

What plausible damage have you done that they could sue you over? If all you want is your cost or the like, I can’t imagine that is a crime either.

If someone has a lot to lose, I guess sending a letter through a law office would be a sane option, but Backblaze doesn’t strike me as the shoot-first-ask-questions-in-the-deposition type of company anyway.


I'd tell them anonymously. Register a new protonmail account and email support at Backblaze with some incriminating evidence that you're actually in possession of what you claim, and then offer to mail the drive back to them.


How could they sue if you legitimately purchased one of their discarded drives? When you bought it whatever was on it became yours and I doubt their CEO would like their data floating around like that unless it's considered useless.


First they'd cast aspersions on the drive being "legitimately" purchased, then they'd float that you're an evil criminal, in violation of the CFAA and wire fraud acts, and for receiving stolen property.

If the government is out to get you, they'll try and find something to come after you for. Just ask Josh Renaud.

https://www.theregister.com/AMP/2022/02/15/missouri_html_hac...


Backblaze is not the government. I mean if you're paranoid about it you could submit a bug bounty with a temporary email address and gauge the response. If I were Backblaze I would like to know about this and would be willing to at least send you a pair of new replacement drives to get that one back, assuming this kind of disposal is not their SOP. It's possible they ran this drive through their vetting process and it didn't meet their spec so they sold it off. The logs might just be from that testing/vetting and any data even on real production backblaze drives I would assume is so striped-out that a single disk would not have anything of recoverable value.



