Investigation into Gravy Analytics found a million people were affected.
The details of around 50,000 UK users may have been exposed in a major international hack that stole location data from app users around the world.
An assessment of the material by European investigators at PRODAFT determined it to be “one of the most consequential public disclosures” of personal location data. In the January incident, details of the users of Vinted, Candy Crush, and Tinder were likely exposed.
The disclosure by the i Paper revealed that attackers successfully attacked Gravy Analytics which buys and sells location data for thousands of apps.
At the time of the hack, Gravy Analytics said the firm “do not receive information that can directly identify specific people”, but investigators claim state actors will be able to identify individuals with “high accuracy.”
PRODAFT claims more than a million people were affected from 136 countries, with at least 50,000 victims coming from the UK.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
