Last week, a major location data broker Gravy Analytics reported a data breach that could have led to the theft of millions of people’s precise location data, TechCrunch reports. As 404 Media writes on Thursday, this comes after it reported two days ago that data from popular mobile games such as Candy Crush, as well as dating apps, pregnancy tracking apps, and more, had been leaked.
Baptiste Robert, CEO of digital security company Predicta Lab, said in a series of posts on Wednesday that the small sample of data published on the Russian forum contained data on “tens of millions of data points around the world” and included “sensitive locations such as the White House, Kremlin, Vatican, military bases, and others.” According to TechCrunch, the sample alone contained more than 30 million points.
In its notification to the Norwegian Data Protection Authority, Gravy stated that on January 4, it “discovered unauthorized access to its AWS cloud storage environment”. The company is still investigating how long the hackers had access to its cloud environment and whether the breach constitutes a “notifiable personal data breach,” it said.
Gravy Analytics was one of two data brokers targeted last month by an FTC order prohibiting them from “selling, disclosing, or using sensitive location data in any product or service.” The FTC wrote at the time that its subsidiary, Venntel, collected data from apps and sold access to it to companies and government agencies, including the IRS, the Drug Enforcement Administration, the FBI, and the U.S. Immigration and Customs Enforcement (ICE).
