A recent cyberattack on location data broker Gravy Analytics has put the privacy of millions at risk, revealing just how vulnerable our personal information is in the hands of data brokers. While the full extent of the breach is still unknown, the incident underscores the critical need for robust privacy protections in our increasingly digital world.
What Happened?
Gravy Analytics, a subsidiary of Unacast, suffered a significant data breach when a hacker infiltrated its systems, gaining access to a vast trove of user location data. The stolen information, reportedly encompassing several terabytes, includes detailed location histories from users of popular mobile apps across various categories, including health, dating, and gaming.
The breach came to light after a hacker posted screenshots of the stolen data on a Russian cybercrime forum. Independent news outlets, including 404 Media, quickly picked up the story, revealing that the data contained sensitive information about individuals’ movements, including visits to homes, workplaces, and even sensitive locations like the White House and the Kremlin.
The Dangers of Location Data
Location data, often collected through our smartphone apps without our knowledge, can reveal a shocking amount about our lives. This type of data can be used to track our daily routines, identify our relationships, and even infer sensitive information about our health and beliefs.
In the case of the Gravy Analytics breach, security researchers have demonstrated how the stolen data can be used to de-anonymize individuals, track their movements, and even identify military personnel by correlating location data with known military facilities. For instance, one researcher used the data to track an individual’s journey from New York to their home in Tennessee. The potential for misuse is alarming, particularly for vulnerable groups, such as the LGBTQ+ community, who could be identified and targeted in countries where homosexuality is criminalized.
How Did This Happen?
Gravy Analytics gathers much of its location data through a process called real-time bidding (RTB), a core component of the online advertising industry. During the milliseconds-long auctions that determine which ads are displayed on your device, participating advertisers can access information about your device, including its make and model, IP address, and sometimes even precise location data.
This “bidstream” data, while intended for targeted advertising, can be intercepted and collected by data brokers, who then combine it with other data sources to create detailed profiles of individuals. While many apps have denied direct business relationships with Gravy Analytics, the nature of the online advertising ecosystem makes it possible for user data to be collected without the app’s explicit knowledge or consent. This is why it’s crucial to be proactive about your online privacy.
One way to protect yourself is by using a privacy-focused browser like Incognito Browser for Android. Unlike many mainstream browsers, Incognito Browser comes with a built-in ad blocker that helps prevent your data from being swept up in these ad auctions in the first place. It also offers a unique video downloader, so you don’t have to rely on third-party services that might be harvesting your data. As a completely free privacy browser, Incognito Browser puts your privacy first. You can download it on Google Play.
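
The device fields a bid request exposes to bidders, and one way a publisher could reduce them before the auction, shown as an added example that is not code from the original article, Gravy Analytics, or any ad exchange. It assumes OpenRTB 2.x field names (the article does not name a format); the sample request, the /24 and /48 truncation, and the one-decimal rounding are constructed choices for illustration.

```python
import copy
import ipaddress

# Constructed sample bid request (OpenRTB 2.x field names assumed; all values made up).
SAMPLE_BID_REQUEST = {
    "id": "constructed-auction-1",
    "app": {"bundle": "com.example.game"},
    "device": {
        "make": "ExampleCo", "model": "Phone 1",
        "ip": "203.0.113.57",
        "ifa": "00000000-1111-2222-3333-444444444444",  # advertising ID
        "lmt": 0,                                        # limit-ad-tracking flag
        "geo": {"lat": 40.712776, "lon": -74.005974, "type": 1},
    },
}

def exposed_fields(req):
    """List the device-level fields every bidder in the auction would see."""
    dev = req.get("device", {})
    found = [k for k in ("make", "model", "ip", "ipv6", "ifa") if dev.get(k)]
    geo = dev.get("geo", {})
    if "lat" in geo and "lon" in geo:
        found.append("geo")
    return found

def truncate_ip(addr):
    """Keep the /24 (IPv4) or /48 (IPv6) network and drop the host bits."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)

def minimize(req, geo_decimals=1):
    """Return a copy with the advertising ID removed and location/IP coarsened."""
    out = copy.deepcopy(req)          # never mutate the caller's request
    dev = out.setdefault("device", {})
    dev.pop("ifa", None)              # no stable per-device identifier
    dev["lmt"] = 1                    # signal limited ad tracking downstream
    for key in ("ip", "ipv6"):
        if dev.get(key):
            dev[key] = truncate_ip(dev[key])
    geo = dev.get("geo", {})
    for axis in ("lat", "lon"):
        if axis in geo:
            # 0.1 degree of latitude is roughly 11 km: city-level, not a street address
            geo[axis] = round(geo[axis], geo_decimals)
    return out
```
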
Protecting Your Privacy
The Gravy Analytics breach is a reminder of the importance of taking control of your online privacy. Here are some additional steps you can take:
- Use an Ad Blocker: Beyond a privacy-focused browser with built-in ad blocking, a standalone ad blocker can prevent ad code from loading on websites, reducing the amount of data collected about your online activity.
- Adjust Device Settings: Both Android and iOS offer built-in privacy features that limit ad tracking. On Android, you can delete or reset your advertising ID, while on iOS, you can disable app tracking requests.
- Limit Location Access: Be mindful of which apps you grant access to your precise location. Only enable location services when necessary and for apps you trust.