Millions of phone location records feared leaked as one of the biggest data leaks ever may be a whole lot worse
Date:
Fri, 07 Feb 2025 21:23:00 +0000
Description:
The geo-location information of tens of millions of smartphones has been leaked, a fresh lawsuit alleges.
A complaint has been filed in the federal court of Northern California outlining allegations that data broker Gravy Analytics has failed to properly safeguard vast amounts of personal data, which may now have been stolen.
This is the fourth such lawsuit since January 2025, when screenshots were posted to Russian cybercrime forum XSS, fuelling fears that a staggering 17TB of records were swiped from the analytics firm's AWS S3 storage buckets.
This breached information puts the privacy of millions at risk, and outlines the enormous risk when personal data is harvested and stored by private companies.
This week's suit alleges a huge archive of geo-locations from smartphone devices - here's what we know so far.
Insufficient data protection
Arguing the firm had a duty to protect the data it collected and stored, the lawsuit points to the risk of identity theft for anyone whose information was compromised.
The latest complaint, reported by The Register, alleges "the hacked Gravy Analytics data included tens of millions of mobile phone coordinates of devices inside the US, Russia, and Europe, obtained through individuals' use of major mobile applications such as Tinder, Grindr, Candy Crush [and more]."
The first breach was reported in early January 2025 after a hacker threatened to publish stolen location data, customer lists, and personal information harvested by Gravy Analytics and stolen in a huge hack.
Gravy Analytics has since been banned by the FTC from selling sensitive location data, alongside its subsidiary Venntel, after the FTC alleged the two violated the FTC Act by unfairly selling sensitive consumer location data, and by collecting and using consumers' location data without obtaining verifiable user consent for commercial and government uses.
There are plenty of popular apps which collect your data, and often this is sold on to brokers for profit. Because a lot of this collection occurs through the advertising ecosystem rather than code the app creators themselves develop, this data collection is likely happening without users' or even app developers' knowledge.
The collection of personal information by the data broker industry comes with some serious risks and the industry is largely unregulated in the US, so the protections provided by laws like GDPR don't apply.
The specific details of the hack aren't yet known, but keeping your organization safe is about anticipating and preparing for a potential attack, says Pierre Noel, Field CISO EMEA at Expel.
"The solutions to prevent a major security incident are well known - adequate protection, detection, and swift incident response. However, the real challenge lies in human nature: we instinctively believe cyberattacks only happen to others, rather than ourselves".
======================================================================
Link to news story:
https://www.techradar.com/pro/security/millions-of-phone-location-records-feared-leaked-as-one-of-the-biggest-data-leaks-ever-may-be-a-whole-lot-worse