The breach involved terabytes of consumer data stored in the company’s Amazon cloud, marking one of the largest known collections of consumer location information. This incident underscores a troubling reality: user location data is not only being collected on a massive scale but it is also being sold and exposed to unauthorized third parties.
The hacker behind the breach has reportedly shared samples of the stolen data on a Russian forum, claiming to have extracted millions of location points from Gravy Analytics’ database. These points allegedly span locations across the United States, Europe, and even sensitive areas like the White House, the Kremlin, and military bases. The leaked dataset serves as a stark reminder of the vast scale of location tracking and the serious risks it poses to privacy and security. The breach also highlights how easily location data, including information from highly sensitive sites, can be exposed to unauthorized parties.
How does Gravy Analytics get its data?
Baptiste Robert, an ethical hacker shared on X about how Gravy Analytics gets its data. According to him, Gravy Analytics generally does not collect data directly from apps. Instead, it collaborates with ad-serving agencies or intermediaries that gain access to user data from Android and iOS devices. The fallout from this breach extends beyond personal privacy concerns, as the leaked data includes sensitive locations such as government facilities, religious sites, and private residences, raising the potential for espionage, blackmail, and other malicious activities.
How can you protect yourself?
To protect your privacy, take the following steps:
- On Android, go to Settings, then Privacy, and select Ads. From there, you can delete your advertising ID.
- On iOS, navigate to Settings, then Privacy & Security, and choose Tracking. Finally, disable the option that allows apps to request to track you.