
Massive data breach exposes exact location of users of many popular apps
A massive data breach involving Gravy Analytics appears to have exposed the precise location data of millions of users of popular smartphone apps such as Candy Crush, Tinder, and MyFitnessPal. Here’s what you need to know about the unfolding breach.
Gravy Analytics breach affects users of many top smartphone apps
Gravy Analytics, a location data broker that holds data from millions of iPhone and Android users, has been hacked.
As first reported by 404 Media, hackers claimed a successful breach last week. Data is now starting to emerge that backs up that claim and shows just how bad it is.
The published data includes millions of precise location data points that show the places people visit most often, including their home and work.
This data reportedly originates from real-time bidding, the ad auction process that determines which ads are shown to app users.
Zack Whittaker of TechCrunch explains:
During the near-instantaneous auction, any advertiser who bids can see information about the device, such as make and model type, IP address (which can be used to infer a person’s approximate location), and in some cases other information, including precise location data if the app user allows it, and other technical factors that help determine which advertisements are shown to the user.
But as a byproduct of this process, advertisers who bid, or those who closely monitor these auctions, will also have access to a treasure trove of so-called “bidstream” data, including device information. Data brokers, including those who sell to governments, can combine the information they collect with other data about an individual from other sources to paint a detailed picture of someone’s life and whereabouts.
Gravy Analytics is one such data broker, but now its data has been compromised and is starting to be publicly leaked online.
Users of many popular apps that serve ads are affected.
Joseph Cox writes at Wired:
The list includes dating sites Tinder and Grindr; large-scale games like Candy Crush, Temple Run, Subway Surfers, and Harry Potter: Puzzles & Spells; transportation app Moovit; My Period Calendar & Tracker, a period tracking app that has been downloaded over 10 million times; popular fitness app MyFitnessPal; social network Tumblr; the Yahoo email client; Microsoft’s 365 office apps; and flight tracker Flightradar24. This list includes religion-based apps, including Islamic prayer and Christian bible apps, various pregnancy tracking apps, and, ironically, many VPN apps that some users may download to protect their privacy. Multiple focused apps are also mentioned.
A complete list compiled by someone can be found here.
Is it good news for iPhone users?
Information about this breach is still emerging, but there is one early sign of good news, especially for iPhone users.
Baptiste Robert, CEO of digital security company Predicta Labs, told TechCrunch that if you deny an app’s request to track you, “your data is not being shared.”
Robert is referring to the “Do Not Track” permission prompt that Apple built into iOS.
In his post on X, Robert also advises users to disable tracking requests from apps by going to Settings ⇾ Privacy & Security ⇾ Tracking. This screen also shows whether you have previously granted tracking permission.
There has been no official statement from Apple at this time, but if Robert is correct, far fewer iPhone users will be affected by the Gravy Analytics breach.
We will continue to update you on key developments in the Gravy Analytics breach as more information becomes available.