Data Breach Reveals Exact Location Data of Millions from Popular Smartphone Apps

A significant data breach has compromised the sensitive location information of millions of smartphone users who utilize popular apps, including dating platforms, gaming apps, email clients, and even a period tracking app. The breach occurred when a hacker managed to infiltrate Gravy Analytics, a data broker that aggregates and sells location data from various apps on iOS and Android devices. The hacker was able to access data that includes precise location details, potentially revealing users’ home addresses, workplaces, and other personal movements. While iOS users may have been partially protected due to a privacy feature introduced in iOS 14.5, the breach still affected many devices across both platforms.

Gravy Analytics, which collects and monetizes location data, was targeted through a “misappropriated key” that allowed the hacker to gain access to the company’s cloud-based storage. The incident occurred on January 4, but the full scale of the breach remains unclear, as the company’s disclosure to Norwegian authorities provided limited details. The data compromised in the breach consists of extensive customer lists and real-time location tracking, which provides insight into the precise movements of individuals. The data affected includes smartphone data from millions of users, posing significant privacy concerns.

The leaked data, according to Baptiste Robert, the CEO of Predicta Lab, contains “tens of millions of location data points,” including sensitive locations such as military bases, the Kremlin, the White House, and the Vatican. This revelation highlights the extent of the breach and the level of detail that the stolen data contains. The breach not only compromises personal privacy but also raises security concerns, especially with the targeting of sensitive locations like government buildings and military sites.

This breach serves as a stark reminder of the vulnerabilities associated with the collection and storage of location data by third-party companies. While users may not always be aware of the extent to which their movements are being tracked, this incident underscores the risks involved in the widespread sharing of personal information by popular apps. As the investigation into the breach continues, it remains crucial for companies to implement stronger security measures and for users to stay vigilant about the permissions they grant to apps on their devices.

White House Launches Cyber Trust Mark for Smart Devices to Rate Security

The White House has introduced a new initiative aimed at helping consumers assess the cybersecurity of internet-connected devices. The Cyber Trust Mark, a stylized shield logo featuring microchip-style detailing, will be applied to products such as smart thermostats, baby monitors, app-controlled lights, and other IoT devices. The label is designed to provide a quick, easily recognizable guide to the security of these devices, similar to food labeling by the U.S. Department of Agriculture or the Energy Star rating on appliances.

For a product to receive the Cyber Trust Mark, manufacturers must ensure their devices meet cybersecurity criteria set by the U.S. National Institute of Standards and Technology (NIST), verified through compliance testing by accredited laboratories. As more everyday products, from fitness trackers to security cameras and even ovens, become internet-connected, the potential for cybersecurity vulnerabilities increases, posing privacy and safety risks.

Anne Neuberger, the U.S. Deputy National Security Advisor for Cyber, emphasized that each connected device could become a potential target for cyber attackers. The Cyber Trust Mark is voluntary for manufacturers, but Neuberger hopes it will encourage consumers to prioritize security by choosing products with the label. She also suggested that consumers might demand the label when purchasing connected devices to ensure their privacy isn’t compromised.

Initially, the Cyber Trust Mark will focus on consumer products like cameras, with plans to extend to home and office routers and smart meters. Devices bearing the label are expected to appear on store shelves later this year. Additionally, the White House is preparing an executive order that will restrict U.S. government purchases to only those products carrying the Cyber Trust Mark, starting in 2027. The initiative has garnered bipartisan support.

Hacker Claims Breach of US Location Tracking Company Gravy Analytics

An unknown hacker is claiming responsibility for a breach at U.S. location tracking company Gravy Analytics, with screenshots of the boast circulating online. The breach details remain unclear, but a Russian-language post and screenshots uploaded early Sunday to XSS, a site frequented by cybercriminals, allege that the company was hacked, and large volumes of data were stolen.

Gravy Analytics, which merged with Unacast in 2023, has not commented on the situation. Attempts to contact both Gravy and Unacast were unsuccessful, and Gravy’s website was down on Wednesday. The leaked data, around 1.4 gigabytes, has been reviewed by experts who have confirmed its authenticity, raising concerns that the breach is legitimate.

This hack follows recent scrutiny from the U.S. government over companies, including Gravy, that collect and sell highly detailed location data. The Federal Trade Commission (FTC) had previously settled with Gravy Analytics and another broker, Mobilewalla, over deceptive practices in gathering location data without proper consent. The FTC has raised alarms over the vulnerability of Americans’ sensitive data, especially in the context of targeted advertising and surveillance.