Nowadays, the value of smartphones largely lies in the variety of apps and games they support.
Popular Apps May Cause A Data Breach
In this digitally connected world, millions of people are now relying on their smartphones for their needs of daily communication, entertainment, and productivity.
During such times, the recent events of
popular apps like Candy Crush Saga and Tinder for data breaches have brought some attention.
There was a major data breach at Gravy Analytics, a leading location data broker, as per
a report published by the Media on January 9, 2025.
Moving ahead, this breach has raised a significant alarm over how popular apps may be misusing users’ real-time location data.
Basically, this breach is a very good example of how well-known apps like Candy Crush Saga and Tinder provide user location data to Gravy Analytics, which was then compromised by a hacker.
This breach basically involved terabytes of consumer data which is stored in the company’s Amazon cloud.
This is also one of the largest known collections of consumer location information.
Basically, this is pointing to a troubling reality.
In this breach, the user location data is not only being collected on a massive scale but it is also being sold and exposed to unauthorized third parties.
The hackers who are behind this breach has shared samples of the stolen data on a Russian forum reportedly .
They have claimed to have extracted millions of location points from Gravy Analytics’ database.
It points to the span locations across the United States, Europe, even including the sensitive areas such as the White House, the Kremlin, and military bases.
It appears that the leaked dataset serves as a stark reminder of the vast scale of location tracking and the serious risks posed to privacy and security.
Further highlighting on how easily location data, including information from highly sensitive sites, can be exposed to unauthorized parties.
How Does It Work?
As we know that an ethical hacker, Baptiste Robert shared on X about how Gravy Analytics gets its data.
It appears that Gravy Analytics generally does not collect data directly from apps, Robert said.
Adding, it collaborates with ad-serving agencies or intermediaries that gain access to user data from Android and iOS devices.
It is of highest concern that the fallout from this breach extends beyond personal privacy concerns considering the fact that the leaked data includes sensitive locations such as government facilities, religious sites, and private residences, raising the potential for espionage, blackmail, and other malicious activities.
How To Protect Yourself?
If you are an Android user then simply go to Settings, then Privacy, and select Ads. From there, you can delete your advertising ID.
Similarly for iOS users, just navigate to Settings, then Privacy & Security, and choose Tracking.
- Here disable the option that allows apps to request to track you and you are good to go.
Image Source
Comments are closed.