Massive Location Data Breach at Gravy Analytics: Millions at Risk
Episode Summary: This episode discusses the recent data breach at Gravy Analytics, a major player in the location data industry. Hackers claim to have stolen a large amount of sensitive data, including customer lists, industry information, and precise location data harvested from smartphones1. This breach has potentially exposed the private information of millions of people worldwide2. The implications of this breach are significant, raising concerns about deanonymization risks, tracking, and the potential sale of bulk location data on underground markets3.
Discussion Points:
•
The Hack: Gravy Analytics, the parent company of Venntel, which sells smartphone location data to the U.S. government, was reportedly compromised by hackers1.
•
Data Stolen: The stolen data includes customer lists, industry information, and precise location data from smartphones1.
•
Potential Harms: The breach could lead to the deanonymization of individuals, increased tracking, and the sale of sensitive data on underground markets3.
•
Government Use: Gravy Analytics and Venntel have been accused of illegally collecting and selling Americans' location data, with some tracked individuals monitored near sensitive locations such as government buildings and health clinics4....
•
Ransom and Cover-Up: Hackers posted a gigabyte of data on a Russian-language cybercrime forum and threatened to release more unless a ransom was paid6.... The removal of the post has led to suspicions that Gravy Analytics may have complied with the ransom demand7....
•
Lack of Transparency: Unacast, Gravy Analytics' parent company, has not publicly acknowledged the breach in America but has disclosed it to data protection authorities in Norway5....
•
In-App Data Collection: A single app installed on a phone was observed sending numerous requests, some to Unity, including geolocation data even when location services were disabled for all apps9.
•
Data Sharing: Location, IP address, and other data points are shared with third parties like Unity, Moloco Ads, and Facebook, even without explicit user consent10....
•
Data Broker Marketplaces: Data marketplaces like Datarade offer access to vast amounts of location data, including possibilities to acquire personal info13....
Links to Sources:
•
404 Media: https://404media.co/hackers-claim-massive-breach-of-location-data-giant-threaten-to-leak-data/
•
Straight Arrow News: https://www.straightarrownews.com/international/8121889/millions-of-americans-location-data-compromised-in-apparent-hack
•
Tracking Myself Down Through In-App Ads: https://timsh.org/everyone-knows-your-location-tracking-myself-down-through-in-app-ads