The locations of millions of people using some of the world’s most popular apps could be leaked in a major hack.
Tinder, Spotify, Citymapper, Mumsnet and Sky News were among hundreds of companies named in a sample list of apps linked to the breach.
US location tracking firm Gravy Analytics appears to have been targeted by hackers. It collects information through smartphones, including precise movements of people, and then provides it to other companies or governments.
With more than 10 terabytes of data believed to have been stolen, Russian-speaking hackers shared a sample of the stolen information on a well-known hacking forum.
Baptiste Robert, founder of Predicta Lab, a company that provides tools for online privacy and security, analyzed this pattern and found it easier to identify people around military bases and government offices, as well as people’s homes and family lives. Was able to get details about
He also told Sky News that the apps named in the leak don’t necessarily work with Gravy Analytics.
Instead, he said, software development kits used in apps are sending users’ location data.
Graeme Stewart of cyber security firm Checkpoint told Sky News: “This is a new kind of hack.
“It’s not just your personal details, it’s really pretty deep details about your life and what you’re doing and how you’re doing it.”
The company at the center of the hack, Gravy Analytics, sells data on thousands of apps used around the world.
According to Mr Stewart, it can see granular details about users, whether you’re using your phone on the bus or in the toilet.
“It’s that level of detail that suddenly gives people the ability to make pretty deep distinctions and deep observations about your life and use that against you,” he said.
Read more:
‘Stuck’ NASA astronauts ‘not going to eat’
OpenAI boss denies sister’s sexual abuse claims
Musk and the Grooming Gang Scandal
Tech news outlet 404 Media first reported the hack and saw sample data.
According to 404 Media, this includes the exact latitude and longitude coordinates of people’s phones, and the time the phone was there.
What can you do?
To protect against such hacks, Mr. Robert advises users to turn off their location, as well as Wi-Fi, when not needed.
He also recommended Android users to delete their advertising ID and iOS users to turn off “Allow Apps to Request To Track” in Privacy and Security settings.
The named companies state that they do not work with Gravy Analytics.
A source with knowledge of the leak told Sky News that Tinder may be named because it is downloaded to phones with apps that work with Gravy Analytics.
The source suggested that the tracking company has the ability to pull the names of other apps downloaded on the device.
“Tinder takes safety and security very seriously. We have no association with Gravy Analytics and there is no evidence that this data was obtained from the Tinder app,” a Tinder spokesperson told Sky News.
Other companies involved in the leaked data told Sky News that they do not work with Gravy Analytics and do not track user location data.
Spotify said it could confirm that “no Spotify user data was involved in this hack”.
A Sky source said the company was immediately reviewing the alleged incident and that it appeared to have no commercial connection with Gravy Analytics.
Gravy Analytics has been contacted for comment.