It’s probably been a while since anyone thought about Apple’s router and network storage combo called the Time Capsule. Released in 2008 and discontinued in 2018, the product has largely disappeared into the sands of the gadget era. When independent security researcher Matthew Bryant recently bought a UK-made Time Capsule on eBay for $38 (plus more than $40 for shipping to the US), he thought he’d get just one of the plucky white monoliths at the end of its earthly journey. Instead, he stumbled upon something he didn’t expect: a trove of data that appeared to be a copy of the main backup server for all European Apple Stores in the 2010s. The information included service tickets, employee bank account details, internal company documents and emails.

“Everything you could imagine was there,” Bryant tells WIRED. “Files had been deleted from the hard drive, but when I forensically examined it, it was definitely not empty.”

Bryant didn’t come across the Time Capsule entirely by chance. At the Defcon security conference in Las Vegas on Saturday, he will present the results of a months-long project in which he searched through offers for used electronics from websites such as eBay, Facebook Marketplace and China’s Xianyu and then subjected them to computer vision analysis to identify devices that were once part of companies’ IT fleets.

Bryant realized that the salespeople touting office equipment, prototypes, and manufacturing equipment were often unaware of the significance of their products, so he couldn’t sift through tags or descriptions to find the company’s best products. Instead, he developed an optical character recognition cluster by chaining together a dozen beat-up second-generation iPhone SEs and using Apple’s Live Text optical character recognition feature to find possible inventory labels, barcodes, or other company labels in the listings’ photos. The system monitored new listings, and when it found a possible match, Bryant received a notification so he could judge the device photos for himself.

In the case of the Time Capsule, photos showed a label on the bottom of the device that read “Property of Apple Computers, Chargeable Equipment.” After examining the contents of the Time Capsule, Bryant informed Apple of his findings and the company’s London security office eventually asked him to return the Time Capsule. Apple did not immediately respond to a request from WIRED for comment on Bryant’s research.

“The main company being discussed in terms of proof of concept is Apple because I think they’re the most mature hardware company. They have all their hardware specifically counted and they’re very particular about the security of their operations,” Bryant says. “But with any Fortune 500 company, it’s basically a guarantee that their stuff will end up on sites like eBay and other used markets at some point. I can’t think of a company where I haven’t seen at least one device and gotten an alert from my system.”

Another lead from his search system led Bryant to purchase an iPhone 14 prototype intended for internal use by developers at Apple. Such iPhones are coveted by both criminals and security researchers because they often run special versions of iOS that are less locked down than the consumer product and have debugging features that are invaluable for gaining insight into the platform. Apple runs a program to give certain researchers access to similar devices, but the company only grants these special iPhones to a limited group, and researchers have told WIRED that these are typically outdated iPhone models. Bryant says he paid $165 for the iPhone 14 for developers.