720-891-1663

Alerts, Breach, Privacy, Safety

The Consequences of Allowing Data Brokers to Sell Your Data

Leave a comment

Data broker Gravy Analytics lost control of their location data database, affecting the privacy of millions. The hacker has published a “sample” of 30 million location records. Remember, 30 million represents just a sample; we don’t know who much data was stolen in total.

The data released includes location data from fitness, health, dating, transit and game apps. The data represents where people live, work, have been and travel. With this kind of location data it is pretty easy to de-anonymize the data.

The hacker initially posted screenshots of the data on a Russian language cybercrime forum, claiming that they have stolen several terabytes of consumer data from Gravy Analytics.

Gravy Analytics, owned by Norway-based Unacast, touted what it called “one of the largest” collections of consumer location data.

Gravy Analytics claims to track more than a billion devices daily worldwide.

The company claims that the hacker “acquired” files from it’s Amazon hosted environment by way of a “misappropriated key”, whatever that means.

The company only found out about being hacked because the hacker contacted them. The company acknowledged the breach and said it is being investigated.

The company’s main website as well as other online resources were still down today.

Among the locations of people that were included in the sample were The White House, The Kremlin, Vatican City and military bases worldwide. ALL COMPLETELY LEGAL IN THE U.S.!

Among the data is the location data of users of the dating app Tinder across the UK. A security researcher was able to cross refence this data with a database of military personnel, potentially putting those people and their families at risk.

Gravy, apparently, collects a lot of its data from ad bidding. During the bidding process, the potential ad buyer (who in many cases loses every ad bid but gets to keep your data), the advertisers see the make and model of your phone, its IP address (which is a proxy for your location), your precise location if allowed along with other data. That bid data is combined with other data to enhance it and make it more valuable.

A lot of the location data so far released was inferred from IP addresses, which is only an approximation to location, but it would make sense that if the hacker plans on selling the data, the free samples might be the lowest grade data.

There are a number of ways that you can reduce advertiser’s ability to track you, including installing an ad blocker, but the best way is to uninstall apps you are not using.

See details about other ways to minimize ad tracking at the link.

At this point we don’t know how big the problem is but if they are collecting a billion data points a day, this could be big.

At least in the US, as well as many other countries, there is limited to no regulation of data brokers who collect and sell your data. It is up to you to protect yourself. Credit: Tech Crunch

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2025 CyberCecurity, All rights reserved. Privacy Policy