Connect with us

Hi, what are you looking for?

Financial Source ReportFinancial Source Report

Tech News

A major data broker hack may have leaked precise location info for millions

Art rendering of transparent laptop in front of a wall of surveilling eyes.
Photo by Amelia Holowaty Krales / The Verge

Last week, major location data broker Gravy Analytics disclosed a data breach that may have resulted in the theft of precise location data for millions of people, reports TechCrunch. That appears to include data from popular mobile games like Candy Crush, as well as dating apps, pregnancy tracking apps, and more, as 404 Media wrote on Thursday, following up its report of the breach two days earlier.

Baptiste Robert, CEO of digital security company Predicta Lab, said in a series of posts Wednesday that the small sample data set published in a Russian forum contained data for “tens of millions of data points worldwide” and included “sensitive locations like the White House, Kremlin, Vatican, military bases, and more.” As TechCrunch notes, the sample alone contained more than 30 million locations.

Gravy said in its disclosure to the Norwegian Data Protection Authority that it “identified unauthorized access to its AWS cloud storage environment” on January 4th. It says in the disclosure that it’s still investigating how long hackers had access to its cloud environment and whether the hack “constitutes a reportable personal data breach.” As for what or who was affected, the company writes:

Gravy Analytics is working diligently to determine the scope of the incident and the nature of the information involved. Preliminary findings indicate that an unauthorized person obtained certain files, which could contain personal data. These are currently being analyzed. If it is determined that personal data is involved, that personal data is likely associated with users of third-party services that supply this data to Gravy Analytics.

Gravy Analytics was one of two data brokers targeted last month in a proposed FTC order that forbids it from “selling, disclosing, or using sensitive location data in any product or service.” The FTC at the time wrote that its subsidiary, Venntel, collected data from apps and sold access to that data to businesses or government agencies, including the IRS, DEA, FBI, and ICE.

You May Also Like

Tech News

Image: Cath Virginia / The Verge, Getty Images Without going into detail about what might happen to the $52 billion in subsidies from the...

Tech News

EU Codes of Conduct are more of a suggestion than legally enforceable rules. | Image: Cath Virginia / The Verge, Getty Images Meta, Google,...

Tech News

Illustration: The Verge Google said today that it plans to update Google Maps to reflect President Trump’s January 20th executive order to change the...

Tech News

Roborock’s Saros Z70 looks set to be the first robot vacuum with an articulating arm to come to market. It’s designed to pick up...