Millions of smartphone users may have had their locations exposed in a massive data breach.
Hackers have reportedly stolen over 10 terabytes of data from Gravy Analytics, a US-based location tracking company that collects intimate location information through popular apps.
The firm can literally see things like people's precise movements or where they're using the phone in their house and shares it with other companies or government agencies.
Russian-speaking hackers have shared samples of the stolen data on a well-known hacking forum.
Advert
Baptiste Robert, founder of Predicta Lab, a company that provides tools for online privacy and security, analysed the sample and could easily identify details about people's homes and family lives.
He explained that software development kits (SDKs) in popular apps were quietly sending users’ location data to Gravy Analytics, even if the apps themselves didn’t have direct partnerships with the company.
In saying that, some big players have spoken out and denied any connection with the location tracking firm.
A source familiar with the leak stated that Tinder might be mentioned simply because it’s installed on devices alongside other apps that interact with Gravy Analytics.
"Tinder takes safety and security very seriously," a Tinder spokesperson reported. "We have no relationship with Gravy Analytics and have no evidence that this data was obtained from the Tinder app."
Meanwhile, Spotify said it could confirm 'no Spotify user data is involved in this hack.'
A source at Sky mentioned the company is urgently investigating the incident and sees no indication of a commercial relationship with Gravy Analytics.
"This is a new type of hack," said Graeme Stewart, from cyber security firm Check Point.
"It's not just your personal details, it's really quite intimate details about your life and what you're doing and how you're doing it."
And by intimate, Stewart says they can track whether you're using your phone on the bus or on the toilet.
He added: "It's that level of detail which suddenly gives people the ability to make really quite deep distinctions and deep observations about your life and use that against you."
Thankfully, there are steps to take to protect ourselves.
To reduce the risk of your location data being exposed in hacks like this, Robert suggested that users turn off their location and Wi-Fi when they're not in use.
Then, Android users should delete their advertising ID whilst iOS users turn off "Allow Apps to Request To Track" in the privacy and security settings.