From the location data captured by the hackers, it is possible to find out, among other things, the user’s identity, workplace and loved ones.
Data taken by hackers can be used, for example, to investigate the movements of representatives of the armed forces. Adobe Stock / AOP
Norwegian Public Radio NRK originally reported on Thursday, January 9 that the location data of more than 3 million Europeans had been leaked on a forum by Russian hackers. This is allegedly only a small part of hackers From Gravy Analytics of captured data. In addition to location data, other user data has also been leaked, the first to report on the matter 404 Media tells.
American Gravy Analytics merged with Norwegian Unacast a few years ago. Companies collect location data from people’s phones, which has become a major industry in recent years.
Based on the collected data, people’s movements are analyzed and in some cases the data is sold on to other companies. Data is collected, for example, through phone applications that people use.
Location data can be linked to certain mobile devices using an advertising token, which makes the situation extremely serious. According to Tobias Judin, head of department at the Norwegian Data Protection Authority, cybercriminals can use this to find out, among other things, the user’s identity, workplace, commute and close people.
Gravy Analytics initially remained silent about the incident, but eventually commented on the matter as the topic spread on social media, NRK tells. The company says that it has notified the data protection authority and is investigating the case.
Gravy Analytics ensures that the attackers gained access to the cloud services used by the company. However, the company only noticed the data leak when the cybercriminal behind the attack contacted them.
This is how you protect your device
Data security expert Robert Baptiste told Knitting– chain, how cybercriminals can exploit data and how users can avoid falling victim to a similar attack in the future.
Baptiste managed to extract from the sample published by the hackers the names of the applications through which users’ location data was forwarded. There were a total of 3455 different applications. However, this is only a sample, so in reality there are probably even more applications.
According to Baptiste, this is not an ordinary data leak, but a national security problem. For example, location data can be compared with the locations of military bases in different countries, which opens many doors for cybercriminals.
In the future, users can protect themselves from similar attacks by deleting their advertising ID. The exact steps to remove the passcode vary slightly depending on the phone.
On Android, the right point should be found through the privacy or data protection settings. In the private settings, there should be a mention of ads, under which there is an option to remove the ad ID. With the Ios operating system, the corresponding point can also be found in the data protection settings under tracking. The phone is protected when the Allow apps to request tracking setting is turned off.