Company that sells Americans' location data reports massive breach, claims hackers

While tech giants like Google and Facebook are frequently criticized for utilizing personal data to display advertisements and recommendations, less attention is given to businesses that base their entire business model on collecting user data and selling it to other companies and governments. These companies often operate in legal gray areas, with the necessary consent for collecting user data concealed in the fine print.

The failure of data brokers to protect the data they collect is even more concerning. Last year, National Public Data made headlines for failing to secure 2.7 billion records of individuals whose data it had harvested. Now, hackers have reportedly stolen data from Gravy Analytics, the parent company of Venntel, which has sold vast amounts of smartphone location data to the U.S. government.

Enter the giveaway by signing up for my free newsletter.

What you need to know about the breach

According to a report by 404 Media, hackers have allegedly breached Gravy Analytics, a major location data broker and parent company of Venntel, which sells smartphone location data to U.S. government agencies. The breach is significant, involving sensitive location data that tracks precise smartphone movements, customer information, and even internal infrastructure.

The stolen data, which includes precise latitude and longitude coordinates of the phone and the time at which the phone was there, is being threatened to be made public by the hackers. Some of the files even indicate the country from where the data was collected.

Since 2018, Gravy's systems have been hacked, which is a serious security breach on the company's part. It is astonishing how companies that profit from collecting and selling user data failed to safeguard it from being exposed.

The hackers allegedly obtained extensive access to the company's infrastructure, including Amazon S3 buckets and server root access, and exposed a customer list that includes major corporations like Uber, Apple, and Equifax, as well as government contractors such as Babel Street.

What this breach means for people

The data breach in the location data industry has exposed serious security issues. Companies such as Gravy Analytics and Venntel have been profiting from collecting and selling sensitive location data without proper user consent. Their prioritization of profit over security has put the privacy of millions at risk. This data could end up on black markets, endangering individuals, particularly those in vulnerable situations, by making them targets for harassment or worse.

The FTC's recent crackdown on Gravy, announced in December, highlights their disregard for privacy concerns. The proposed order will limit these companies' ability to collect and use location data, except in certain circumstances such as national security or law enforcement. This raises concerns about the potential misuse of sensitive information, such as the location of schools and workplaces, by those with malicious intentions.

5 ways to stay safe in the age of data breaches

The Gravy Analytics breach highlights the risks of the digital era. Although it's impossible to control how every organization handles data, you can take measures to reduce your vulnerability and safeguard your privacy. Here are five practical suggestions to stay secure.

Review and revoke excessive app permissions: Regularly review the permissions for apps on your smartphone and remove access to anything that feels unnecessary, such as a weather app not needing access to your microphone or camera.

VPNs can help protect your online privacy by hiding your IP address and encrypting your internet activity. Using a VPN adds an extra layer of security, especially when using public Wi-Fi networks. For the best VPN software, check out my expert review of the top VPNs for secure browsing on your Windows, Mac, Android, and iOS devices.

Some companies offer the option to opt out of data collection or sharing. Utilize services like Your Ad Choices and privacy settings on Google to minimize data collected. Regularly check for opt-out options with frequently used apps and services.

Instead of using free apps that generate revenue by selling user data, consider paid versions of apps that prioritize privacy. Before downloading, research the company behind the app to understand its data handling policies.

Consider utilizing data removal services to regain control over your personal information by identifying and removing it from various online platforms. Discover my top recommendations for data removal services here.

Kurt’s key takeaway

The threat to privacy posed by companies that collect and sell user data is significant, and when they fail to protect this data, it can end up in the hands of even worse actors such as cybercriminals and governments. It is essential to hold these companies accountable for their negligence and protect individual privacy rights by implementing stringent repercussions. A mere slap on the wrist is not enough; we need real accountability to deter negligence and protect individual privacy rights.

Should companies face harsher consequences for not safeguarding personal information? Share your thoughts by emailing us at Cyberguy.com/Contact.

To receive my tech tips and security alerts, sign up for my free CyberGuy Report Newsletter at Cyberguy.com/Newsletter.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.