Gravy Analytics, an American company specializing in the collection, exploitation and resale of location-based data, has just suffered a computer intrusion. The company mainly offers its anonymized data to advertisers looking to refine their marketing strategies. It is one of the main behemoths in the location data industry.
It is also known for having sold smartphone location data to the United States government. Gravy Analytics has a subsidiary specializing in data brokerage, which collaborates with the American border police (Immigration and Customs Enforcement (ICE) and with the FBI, Venntel.
A massive amount of sensitive data
According to information obtained by 404Media, hackers claim to have gotten their hands on a massive amount of data belonging to Gravy Analytics, including customer lists, information on various business sectors and location data collected via smartphones.
To prove their claims, the cybercriminals first published a series of screenshots on the Russian criminal forum XSS. In their message, they threaten to publish the location data stolen from Gravy Analytics on the web. They first put the database up for sale, before demanding a ransom from the American company.
According to information from Reuters, the hackers shared 1.4 gigabytes of location data to convince their peers of their misdeeds. Cybercriminals claim to have stolen over 10TB of confidential data.
A privacy advocate’s nightmare
The stolen files include smartphone geolocation data, including precise latitude, longitude, and time, with examples showing locations recorded in countries such as Mexico, Morocco, the Netherlands, North Korea, Pakistan, and Palestine. As Zach Edwards, a security researcher at Silent Push, explains, it’s a data privacy nightmare:
The stolen documents mention the names of several of Gravy Analytics’ customers, including Apple, Comcast, Equifax, Gannett, LexisNexis, and Uber. Marley Smith, a researcher at RedSense, and John Hammond, an expert at Huntress, both believe the data is legitimate when asked by Reuters. Hackers aren’t bluffing.
A threat to national security
For Baptiste Robert, a French cybersecurity expert, the data samples shared by hackers show “tens of millions of location data points around the world”, including “the White House, the Kremlin, the Vatican, military bases.” It’s a “threat to the national security” of many countries.
Furthermore, the expert points out that millions of individuals living in Europe are affected by the leak, despite the regulations put in place by the European Union. To protect against abusive collection of your location, Baptiste Robert recommends that Internet users “turn off location and Wi-Fi when you don’t need them to avoid being tracked.”
Note that the practices of Gravy Analytics and Venntel have already attracted the attention of American regulators in the past. The Federal Trade Commission (FTC) had in fact prohibited the two companies from exploiting the data collected without the consent of the main parties concerned. Above all, the FTC had ordered the deletion of the data, estimating that the industry, weighing several billion dollars and centered on "targeted advertising, could currently expose Americans' sensitive data in an alarming manner".
Source: 404 Media
0 Comments