Thursday, April 3, 2025

Location data broker Gravy Analytics was seemingly hacked, experts say




One of the largest companies that tracks Americans’ location through smartphone data has been hacked by Russian cybercriminals seeking a ransom, according to two cybersecurity researchers and a person who has posted a massive trove of allegedly hacked files.

The incident would be one of the largest known breaches of a handful of controversial U.S. companies that sell individuals’ location data, a gold mine for advertisers as it can be used to extensively map a person’s life, usually without their knowledge.

The company, Gravy Analytics, and its subsidiary, Venntel, were accused last month by the Federal Trade Commission of illegally collecting and selling Americans’ location data without their knowledge or obtaining proper legal consent. Some of the people Gravy tracked were monitored going into sensitive locations like government buildings, health clinics and places of worship, the FTC said.

Smartphones create significant data from both how they connect to cell towers and wireless internet providers, as well as through apps, particularly third-party apps that require location data. The ubiquity of smartphones in everyday life has spurred an industry of shadowy companies that buy, package and sell data. While that data is usually advertised to marketers, it’s also sold to governments.

Gravy’s website has been down since at least Tuesday. Emails to it, Venntel and Gravy’s parent company, Unacast, could not be delivered. Several executives at the company contacted by NBC News did not respond to a request for comment. 

Gravy has claimed to “collect, process and curate” more than 17 billion signals from people’s smartphones every day, according to the FTC’s complaint.

Venntel sells Gravy data on people’s locations to help establish what the online advertising industry calls a “pattern of life.” The companies’ marketing materials give an example of identifying a target’s “bed down location, work location, and visits to other USG [United States Government] buildings,” and can show where people are: “home, gym, evening school, etc,” the complaint says.

On Saturday, a hacker on a popular Russian cybercrime forum called XSS claimed to have hacked Gravy. It posted screenshots and uploaded 17 terabytes of information, a massive trove, as evidence. Writing in Russian, the hacker claimed they would upload more if Gravy didn’t pay an unspecified ransom.

The files have since been removed, but not before they were downloaded and shared among cybersecurity researchers, two of whom analyzed them and said they found them likely authentic.

John Hammond, a researcher at the cybersecurity company Huntress, told NBC News that sorting through the data, he found a database of more than 300,000 individuals’ email addresses. NBC News ran some of those addresses through HaveIBeenPwned, a website that cross-checks email addresses to see if they have been exposed in previous breaches, and found that some of the addresses in the alleged Gravy dump have not been part of other major breaches.

“Organizations whose sole mission is data collection and aggregation are undoubtedly going to be an attractive target for threat actors. While we don’t know their initial access method, or ‘how the hackers got in’, it is clear they compromised more than enough to make an impact with this kind of data,” Hammond told NBC News.

Baptiste Robert, the CEO of the French privacy and location data company Predicta Lab, downloaded the sample data and told NBC News that the leaked material appears to show people tracked to around 30 million locations around the world. The data does not explicitly identify people by name or contain other identifying information, but instead follows the data broker industry practice of assigning individuals a string of numbers as a pseudonym, he said.

Though data brokers claim that using advertising ID pseudonyms protects individuals’ privacy, researchers have repeatedly shown that location data can make it easy to identify individuals. If data tracking a particular cellphone shows a person who spends most of their nights at a particular address, for example, it’s likely that person owns or rents that home.

The U.S. has no comprehensive federal privacy law, despite privacy advocates and even the Biden administration having called for one. Last year, Duke University researchers found that U.S. service members’ data, including location data, is widely sold by data brokers.

In 2023, the Office of the Director of National Intelligence found that U.S. intelligence agencies, which have restrictions on surveilling Americans directly, often purchase data on Americans from brokers and have few guidelines or oversight in that process.




Odisha Expo