When we talk about data privacy, tech giants like Google and Facebook are often accused of using personal data to display ads and recommendations. Less discussed are companies whose entire business model revolves around collecting data and selling it to other companies or governments. These companies often operate in legal gray areas and require consent to collect user data buried in fine print.
Even more concerning is that these data brokers are not adequately protecting the data they collect. Last year, National Public Data made headlines for: Failed to protect 2.7 billion records of individuals whose data was collected. This time, hackers reportedly stole data from Gravy Analytics, Ventel’s parent company, which has sold vast amounts of smartphone location data to the U.S. government.
We’re giving away the latest and greatest Airpods Pro 2
Sign up to enter our giveaway free newsletter.
woman working on laptop (Kurt “Cyber Guy” Knutson)
What you need to know about breaches
The hackers claim to have compromised Gravy Analytics, the parent company of Ventel, a major location data broker known for selling smartphone location data to U.S. government agencies. Sources say the breach is extensive and includes sensitive location data that tracks the exact movements of smartphones, customer information, and even internal infrastructure. 404 media Report.
Hackers are threatening to release stolen data. The file contains the exact latitude and longitude coordinates of the phone and the time the phone was there. Some also indicate which country the data was collected from.
Hackers have claimed access to Gravy’s systems since 2018. If this is true, this represents a major security flaw on the company’s part. It’s puzzling how a company that collects and sells user data – something that definitely shouldn’t be allowed in the first place – failed to protect it from leaks.
404 Media also suggests that hackers gained deep access to the company’s infrastructure, including root access to Amazon S3 buckets and servers. The published customer list reportedly includes major companies such as Uber, Apple, and Equifax, as well as government contractors such as Babel Street.
hacker (Kurt “Cyber Guy” Knutson)
Here’s what ruthless hackers stole from 110 million AT&T customers
What does this breach mean for people?
This data breach highlighted serious security flaws in the location data industry. Companies like Gravy Analytics and Venntel have profited from collecting and selling sensitive location data, often without proper user consent. They have prioritized profit over security and now the privacy of millions of people is at risk. This data ends up on the black market and can put individuals, especially vulnerable people, at risk through harassment or further targeting.
The FTC’s recent crackdown on gravy, announced in December, highlights the agency’s inaction. The proposed order would prohibit these companies from selling or using location data except in certain cases, such as national security or law enforcement. There are concerns about its impact. Sensitive locations such as schools and workplaces can be easy targets for malicious people.
A person using a mobile phone and working on a laptop (Kurt “Cyber Guy” Knutson)
Beware of encrypted PDFs as the latest method to deliver malware
5 ways to stay safe in the age of data breaches
The Gravy Analytics breach serves as a sobering reminder of the vulnerabilities of the digital age. While it’s impossible to control how every company handles your data, you can take steps to minimize exposure and protect your privacy. Here are 5 practical tips to stay safe.
1) Restrict app permissions. Many apps request access to things like location data and contacts, even if they aren’t necessary for their functionality. Regularly check the app permissions on your smartphone and revoke access to those that seem excessive. For example, a weather app doesn’t need access to your microphone or camera.
2) Use a VPN. A virtual private network (VPN) can mask your IP address and encrypt your internet activity, making it harder for data brokers and hackers to track your online activities. A good VPN provides an extra layer of security, especially when using public Wi-Fi networks. For the best VPN software, read my expert review of the best VPNs to browse the web privately. Windows, Mac, Android, iOS devices.
3) Opt out of data sharing when possible. Some companies allow you to opt out of having your data collected or shared. Services like Your Ad Choices and privacy settings within platforms like Google can help reduce the amount of data collected. Check your opt-out options for the apps and services you use frequently.
4) Avoid free apps that monetize your data. free app They often generate revenue by selling user data. Instead, consider paid versions of apps that explicitly prioritize privacy. Please research the company behind the app and understand its data processing policies before downloading.
5) Invest in a data deletion service. Data deletion services can help give you some control over your personal information by identifying it and removing it from people search websites, data broker platforms, and other online databases. Check out my recommended data deletion services here.
What to do if your bank account is hacked
Cart important points
Companies that collect and sell user data pose a serious threat to privacy, and failure to protect this data often leaves it in the hands of even more malicious attackers. Cybercriminals, and even some governments, can use this information to target individuals. It is important that strict action be taken when these companies fail in their obligations to protect user data. A slap on the wrist is not enough. True accountability is needed to deter negligence and protect individuals’ right to privacy.
Should there be stronger penalties for companies that fail to protect personal data? Email us at. Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report newsletter using the link below. Cyberguy.com/Newsletter.
Ask Kurt a question or let us know your story you’d like us to cover.
Follow Kurt’s social channels:
Answers to CyberGuy frequently asked questions:
New from cart:
Copyright 2024 CyberGuy.com. Unauthorized reproduction is prohibited.
