According to information published by 404Media, location of millions of mobile device users Between iPhone and Android exposed due to hacking of a ‘data broker’ From Gravy Analytics. At the beginning of the year, Gravy Analytics’ parent company, Unacast, announced the unfortunate news. An unauthorized person broke into cloud storage hosted on AWS using a modified key. The disadvantage is that Files containing personal data were removed. How serious is this?

Planned Hack Attack on Gravy Analytics Results in Major Data Breach

This hack is a threat to the privacy of millions of users. smartphone applications emergedinvoluntarily, location data Collected using Gravy Analytics. It is known that the intellectual author of the attack published a data sample that you can already see. fitness, health, public transportation and even gaming applications. The problem is serious because location data reveals where users are and where they live and work.

He talked about what happened since then Same hacker posted screenshots from multiple locations According to information from TechCrunch, on a forum dedicated to Russian cybercrime.

The Norwegian government was notified by broadcaster NRK through its data protection authorities. Unacast is a company based in Norway and merged with Gravy Analytics in 2023.. They tout themselves as one of the “largest collections of location data” on their consumers. To prevent subsequent consequences, Unacast disconnected transactions After realizing what happened, even if briefly.

Gravy Analytics and uncast merged

The United States had already banned Gravy Analytics from selling, disclosing or using location data

United States Federal Trade Commission Banned Gravy Analytics from events Preventing commercialization of data in products or services. This came after consumers were warned in December that their privacy could be affected and they could be exposed to “disclosure of political activities and religious practices”.

Apparently, Since the company’s systems had already been interfered with, this ban would not prevent a future attack.. All data and products derived from user information had already been compromised.

In an X-related thread, Predicta Lab’s general manager stated: More than 30 million landmarks have been revealed, including landmarks Like the White House in Washington DC; The Moscow Kremlin, the Vatican City, as well as castles and military bases around the world.

Hackers claim to have breached US location data broker Gravy Analytics, which sells to government agencies.

By sharing 3 examples on a Russian forum, they revealed millions of location points in the US, Russia and Europe.

Now it’s OSINT time! 👇 pic.twitter.com/sVlEEgEFcF

— Baptiste Robert (@fs0c131y) January 8, 2025

This is how the attack that exposed the locations took place

How does Gravy Analytics work? The company collects location data through real-time adsother companies ccompete to buy advertising This means seeing the customer’s IP and location data As long as the user authorizes to your device or browser.

iPhone users may have been exposed via FlightRadar, Grind and Tinder apps, but it is true that none of these apps have any affiliation with Gravy Analytics. information leakage occurs precisely because of advertising.

App tracking allowed the user to make decisions about their privacy.

How can we? prevent an attack one of these features? An important factor in iOS is app tracking. You can disable this in the Privacy & security section of iPhone.. This way, apps cannot collect precise location data or create a unique device identifier. Users who did not have application tracking enabled were not victims of the attack. Using ad blockers in web browsers is effective against such situations. In addition to blocking your device’s location while browsing the Internet. Some sites ask you for this, so in cases like what happened with Gravy Analytics, it is not possible for you to consent.

In iOS 14.5, you can choose whether you want apps to track you.

All that remains is to verify how this large amount of location data was obtained. 404Media shows that it can use more data brokers.

you can follow iPadize yourself on Facebook, WhatsApp, Twitter (X) or check our Telegram channel to stay updated on the latest technology news.