A major data broker hack has potentially exposed the precise location information of millions of people, according to a recent disclosure by Gravy Analytics. The company, which was targeted by the Federal Trade Commission (FTC) with a ban in December, revealed the breach late last week, sparking concerns about the security of sensitive user data.

The hack, which was first reported by TechCrunch, is believed to have resulted in the theft of precise location data from popular mobile games like Candy Crush, as well as dating apps, pregnancy tracking apps, and more. According to 404 Media, the breach may have affected users of various third-party services that supply data to Gravy Analytics.

Baptiste Robert, CEO of digital security company Predicta Lab, analyzed a small sample data set published in a Russian forum and found that it contained data for "tens of millions of data points worldwide." The sample alone contained more than 30 million locations, including sensitive locations like the White House, Kremlin, Vatican, military bases, and more. This raises serious concerns about the potential misuse of this sensitive information.

Gravy Analytics disclosed the breach to the Norwegian Data Protection Authority, stating that it had "identified unauthorized access to its AWS cloud storage environment" on January 4th. The company is still investigating how long hackers had access to its cloud environment and whether the hack "constitutes a reportable personal data breach." However, preliminary findings suggest that an unauthorized person obtained certain files, which could contain personal data.

This is not the first time Gravy Analytics has faced scrutiny over its handling of sensitive user data. Last month, the FTC proposed an order that would forbid the company from "selling, disclosing, or using sensitive location data in any product or service." The FTC alleged that Gravy Analytics' subsidiary, Venntel, collected data from apps and sold access to that data to businesses or government agencies, including the IRS, DEA, FBI, and ICE.

The implications of this breach are far-reaching, with potential consequences for users of affected apps and services. It highlights the need for stronger data protection regulations and greater transparency from companies handling sensitive user information. As the investigation continues, it remains to be seen what measures will be taken to prevent such breaches in the future and to protect the privacy of millions of users.

In the meantime, users of affected apps and services are advised to be vigilant and take steps to protect their personal data. This includes reviewing privacy settings, being cautious when granting location access to apps, and staying informed about data breaches and security updates.

The Gravy Analytics breach serves as a stark reminder of the importance of data security and the need for companies to prioritize user privacy. As the tech industry continues to grapple with the challenges of data protection, it is crucial that we hold companies accountable for their handling of sensitive user information.