A vast file containing the geolocation data of millions of smartphones has been put up for sale by hackers. It also includes travel histories concerning French citizens.
Hackers have probably touched one of the most sensitive links in the sale of data: geolocation information. Gravy Analytics, an American company that collects and resells information on the movements of millions of smartphone users, has been the target of a massive hack. A large file was put up for sale on a Russian hacker forum in January, including customer lists, technical information, and detailed geolocation histories. The hackers are now threatening to make this information public if they do not receive the demanded ransom.
Gravy Analytics and its subsidiary Venntel is one of the giants in the data sales market. This company collects data from millions of mobile applications to resell it to advertising groups and American agencies such as the FBI. Among the customers mentioned in the hacked files are renowned companies such as Apple, Uber and Comcast, as well as government entities in the United States.
According to them, this intrusion has lasted since 2018, revealing a particularly worrying level of vulnerability for a company managing such sensitive data.
Millions of European citizens concerned
Baptiste Robert, ethical hacker, at the head of Said Labhas taken a close interest in this leak and has already highlighted the highly sensitive nature of the compromised information. Concretely, it is already possible to retrieve location data from a particular phone and analyze its tracking history. This information can then be combined with other information to obtain the identity of the targeted person.
Gravy Analytics and Venntel had already been sanctioned by the American competition authority last December. The agency had barred these companies from selling or using sensitive location data without explicit consent, also requiring the deletion of historical data. Presumably, it is too late to implement these measures.
Source: www.numerama.com
