Excerpt from Computing Article, Published on Jan 13, 2025.
A major data breach has potentially compromised the sensitive location data of millions of users of popular apps, including Spotify and Vinted, raising serious privacy concerns globally, including in the UK. The breach, reportedly targeting US-based location data broker Gravy Analytics (GA), involved the theft of an estimated 10 terabytes of data. The stolen information is believed to contain years of location history, GPS coordinates, and IP addresses from millions of devices. Hackers, led by an individual known as “Nightly,” have already released a 1.4GB sample of the data on the dark web. This sample, verified by cybersecurity experts, includes location records for over 10 million individuals.
Among the affected apps are Spotify, Vinted, Tinder, and Candy Crush, widely used by millions. It is estimated that 20 million people in the UK alone may have used at least one of the compromised apps. While the exact impact on individual users remains unclear, the stolen data could be exploited for malicious activities like identity theft, targeted scams, and blackmail. Vinted, a popular fashion resale app, has acknowledged the potential impact on its users and is actively investigating the breach. “We are taking this matter seriously, as the safety of our members is a top priority,” a Vinted spokesperson said. Meanwhile, Spotify has yet to issue an official statement on the matter.
Gravy Analytics, a significant player in the location data brokering industry, has previously faced scrutiny over its data collection practices. Last month, the company settled with the Federal Trade Commission (FTC) after being accused of collecting location data without proper user consent. This breach highlights ongoing concerns about data privacy and the risks associated with apps sharing user location data with third-party entities. As regulators push for stricter controls, the incident underscores the need for more robust safeguards to protect user privacy in an increasingly connected world.
To delve deeper into this topic, please read the full article Computing.
