2025-02-22 14:46:04 Pacfic
Massive Location Data Breach Affects Millions - 12d
A significant data breach at location data firm Gravy Analytics has exposed the sensitive location data of millions of users. The compromised data includes coordinates from mobile devices across the US, Europe, and Russia, with some records also linking the location data to specific apps. Popular apps like Candy Crush, Tinder, MyFitnessPal, and various others are impacted. The data was initially posted on a Russian-language forum by a hacker using the alias "Nightly".
The breadth of the breach is staggering with apps across several categories being affected including dating apps such as Grindr, games like Temple Run and Subway Surfers, transit apps such as Moovit, period trackers, religious apps including muslim prayer and christian bible apps, various pregnancy trackers, and even virtual private network (VPN) applications. It appears that these apps were co-opted by rogue members of the advertising industry to collect this data through the advertising bid stream, often without the knowledge of the app developers. This has raised concerns about how user data is being collected and sold within the advertising ecosystem.
ImgSrc: techcrawlr.com
References:
- Malware Analysis, News and Indicators - Latest topics - Massive breach at location data seller: “Millions” of users affected - 12d
- www.404media.co - Hackers claim massive breach of location data giant, threaten to leak data - 12d
- Malwarebytes - Massive breach at location data seller: “Millions” of users affected - 12d
- www.techdirt.com - Gravy Analytics specializes in location intelligence, meaning it collects sensitive phone location and behavior data. - 12d
- gbhackers.com - Gravy Analytics Hit by Cyberattack, Hackers Allegedly Stole data - 11d
- @Techmeme - A hack of location data firm Gravy reveals Candy Crush, Tinder, and thousands of other apps are being used to steal user location data; apps may not even know (Joseph Cox/Wired) - 11d
- @remixtures - Hackers claim to have compromised Gravy Analytics, the parent company of Venntel which has sold masses of smartphone location data to the U.S. government. - 11d
- www.wired.com - Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location - 11d
- @josephcox.bsky.social - Joseph Cox - New from 404 Media: data hacked from location giant Gravy reveals thousands of ordinary apps hijacked to steal your location data. Candy Crush, MyFitnessPal, Tinder. Period trackers, prayer apps. Beca - 10d
- www.404media.co - See the Thousands of Apps Hijacked to Spy on Your Location - 10d
- Techmeme - A hack of location data firm Gravy reveals Candy Crush, Tinder, and thousands of other apps are being used to steal user location data; apps may not even know (Joseph Cox/Wired) - 10d
- @remixtures - 'Included in the hacked Gravy data are tens of millions of mobile phone coordinates of devices inside the US, Russia, and Europe. Some of those files also reference an app next to each piece of locati - 9d
- flipboard.com - Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location - 9d
Classification:
- HashTags: DataBreach LocationPrivacy AppSecurity
- Company: Gravy Analytics
- Target: Mobile App Users
- Feature: location data
- Type: DataBreach
- Severity: Major