Visit complete Cyber Security roadmap

← Back to Topics List

Dumpster Diving

Dumpster diving is a low-tech but potentially effective method used by attackers to gather sensitive and valuable information by physically searching through an organization’s trash. Dumpster divers often target discarded documents such as old memos, printouts, and reports that may still contain sensitive information like usernames, passwords, credit card numbers, and other confidential details.

How it works

Attackers search public and private trash receptacles to find information that may be helpful in their attack strategy. By piecing together various details from discarded documents, attackers may piece together a complete understanding of the organization’s internal workings and gain access to protected systems.


  • Implement a ‘shred-all’ policy: Ensure that all sensitive documents are shredded before being discarded. Make it a standard company policy, and ensure that all employees are trained in this practice.
  • Raise awareness: Train employees to recognize the potential risks of improper disposal and encourage them to be diligent in disposing of sensitive documents.
  • Secure disposal: Use lockable bins and trash bags or dispose of sensitive documents in a designated, secured place where they will be safely destroyed.
  • Periodic audits: Conduct regular audits of your physical security measures, including trash receptacles and disposal methods.

By implementing these countermeasures, your organization can significantly reduce its risk of exposing sensitive information through dumpster diving.

Found any mistakes? Help us improve by updating the file here..

Community is the 6th most starred project on GitHub and is visited by hundreds of thousands of developers every month.

Roadmaps Best Practices Guides Videos Store YouTube by Kamran Ahmed

Community created roadmaps, articles, resources and journeys to help you choose your path and grow in your career.

© · FAQs · Terms · Privacy


The leading DevOps resource for Kubernetes, cloud-native computing, and the latest in at-scale development, deployment, and management.