Gravy Analytics: Position data collector admits data breach
Following speculation last week, Gravy Analytics has now admitted to a huge data leak. The incident is being investigated with the help of external experts.
(Image: JARIRIYAWAT/Shutterstock.com)
Location data collector Gravy Analytics has admitted to a data breach that may have led to the theft of millions of people's precise location data. Gravy Analytics, a subsidiary of the location company Unacast, told the Norwegian government that it had detected "unauthorized access to its AWS cloud storage environment" on 4 January. This was revealed in a document published by the Norwegian public broadcaster NRK.
The US law firm BakerHostetler writes in the notification of the personal data breach sent to the Norwegian data protection authority Datatilsynet on behalf of Gravy Analytics that it is working "at full speed" to determine the scope of the incident and the type of information involved. "Preliminary findings indicate that an unauthorized person has obtained certain files that may contain personal data." These are currently being analyzed. "If it turns out that personal data is involved, it is likely to be related to users of third-party services that provide this data to Gravy Analytics." The company's lawyers further explained that Gravy Analytics is currently investigating whether a reportable personal data breach has occurred.
After discovering the data breach, the company immediately secured its systems, changed the access keys to the AWS environment, temporarily took the data processing platform offline and began an investigation with the assistance of external cybersecurity experts, it said. According to Gravy Analytics, the data processing services have been back in operation since January 9.
Speculation about data breach
 Speculation about the data leak at Gravy Analytics emerged last week. On the darknet, Russian-speaking criminals claimed to have stolen millions of data from the location data collector. According to media reports, this apparently also included data from popular mobile games such as Candy Crush as well as dating apps such as Tinder and Grindr, apps for monitoring pregnancies and others.
Videos by heise
The US Federal Trade Commission (FTC) issued an order against Gravy Analytics and Venntel as recently as December, prohibiting both companies from selling, disclosing or using sensitive location data in products or services. At the time, the FTC wrote that the companies had collected data from apps and sold access to this data to companies or US government agencies.
(akn)
