Connect with us

Technology

Hackers claim massive breach of company that tracks and sells Americans' location data

Published

on

Hackers claim massive breach of company that tracks and sells Americans' location data

When we talk about data privacy, tech giants like Google and Facebook are often blamed for using personal data to show ads and recommendations. Less discussed are the businesses whose entire business model revolves around collecting your data and selling it to other companies and governments. These companies often operate in legal gray areas, with the consent required to collect user data buried deep in the fine print.

What’s even more concerning is that these data brokers fail to adequately protect the data they collect. Last year, National Public Data made headlines for failing to secure 2.7 billion records of individuals whose data it had harvested. Now, hackers have reportedly stolen data from Gravy Analytics, the parent company of Venntel, which has sold vast amounts of smartphone location data to the U.S. government.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Enter the giveaway by signing up for my free newsletter.

A woman working on her laptop (Kurt “CyberGuy” Knutsson)

Advertisement

What you need to know about the breach

Hackers claim to have breached Gravy Analytics, a major location data broker and parent company of Venntel, a firm known for selling smartphone location data to U.S. government agencies. The compromise is massive, including sensitive location data that tracks precise smartphone movements, customer information and even internal infrastructure, according to a 404 Media report.

The hackers are threatening to make the stolen data public. The files contain precise latitude and longitude coordinates of the phone and the time at which the phone was there. Some even indicate what country the data has been collected from.

Hackers have claimed access to Gravy’s systems since 2018. If true, this represents a serious security lapse on the company’s part. It is baffling how companies that collect and sell user data (a practice that arguably shouldn’t be allowed in the first place) failed to protect it from being leaked.

404 Media also suggests that the hackers gained deep access to the company’s infrastructure, including Amazon S3 buckets and server root access. The exposed customer list reportedly includes major companies like Uber, Apple and Equifax as well as government contractors like Babel Street.

Hackers claim massive breach of company that tracks and sells Americans' location data

A hacker (Kurt “CyberGuy” Knutsson)

HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS

Advertisement

What this breach means for people

This data breach highlights the serious security flaws in the location data industry. Companies like Gravy Analytics and Venntel have been profiting from collecting and selling sensitive location data, often without proper user consent. They’ve prioritized profit over security, and now the privacy of millions is at risk. This data could end up on black markets, endangering individuals, especially those in vulnerable situations, by making them targets for harassment or worse.

The FTC’s recent crackdown on Gravy, announced in December, underscores their negligence. The proposed order will prohibit these companies from selling or using location data, except in specific cases like national security or law enforcement. The implications are worrying. Sensitive locations like schools and workplaces could become easy targets for those with malicious intent.

Hackers claim massive breach of company that tracks and sells Americans' location data

A person using their cellphone and working on their laptop (Kurt “CyberGuy” Knutsson)

BEWARE OF ENCRYPTED PDFs AS THE LATEST TRICK TO DELIVER MALWARE TO YOU

5 ways to stay safe in the age of data breaches

The Gravy Analytics breach serves as a sobering reminder of the vulnerabilities in the digital age. While it’s impossible to control how every company handles data, you can take steps to minimize your exposure and protect your privacy. Here are five actionable tips to stay safe.

1) Limit app permissions: Many apps request access to location data, contacts and more, even when it’s not necessary for their functionality. Regularly review the permissions for apps on your smartphone and revoke access to anything that feels excessive. For instance, a weather app doesn’t need access to your microphone or camera.

Advertisement

2) Use a VPN: Virtual private networks (VPNs) can mask your IP address and encrypt your internet activity, making it harder for data brokers and hackers to track your online behavior. A good VPN adds an extra layer of security, especially when using public Wi-Fi networks. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

3) Opt out of data sharing where possible: Some companies allow you to opt out of having your data collected or shared. Services like Your Ad Choices and privacy settings within platforms like Google can help you reduce the amount of data collected. Check for opt-out options with any apps or services you use frequently.

4) Avoid free apps that monetize data: Free apps often generate revenue by selling user data. Instead, consider paid versions of apps that explicitly prioritize privacy. Research the company behind the app to understand its data handling policies before downloading.

5) Invest in data removal services: Data removal services can help you regain some control over your personal information by identifying and removing it from people-search websites, data broker platforms and other online databases. Check out my top picks for data removal services here.

WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED

Advertisement

Kurt’s key takeaway

Companies that collect and sell user data pose a significant threat to privacy, and when they fail to protect this data, it often ends up in the hands of even worse actors. Cybercriminals, and even some governments, can exploit this information to target individuals. It is crucial to implement stringent repercussions for these companies when they fail in their duty to safeguard user data. A mere slap on the wrist is not enough. We need real accountability to deter negligence and protect individual privacy rights.

Should companies face stronger penalties for failing to protect personal data? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Advertisement

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Technology

China launches center to train 100-plus humanoid robots simultaneously

Published

on

China launches center to train 100-plus humanoid robots simultaneously

Shanghai has officially unveiled its first heterogeneous humanoid robot training center, marking a significant accomplishment in China’s robotics development. 

The Humanoid Robot Kylin Training Ground represents an important step in the country’s technological advancement, showcasing China’s commitment to becoming a global leader in robotics and artificial intelligence.

Humanoid robots being trained (Humanoid Robot Kylin Training Ground)

State-of-the-art center pushes boundaries of robotic training

The National and Local Co-Built Humanoid Robotics Innovation Center has launched a groundbreaking training facility that is revolutionizing the field of robotics. This cutting-edge complex, spanning over 53,800 square feet, is currently capable of training more than 100 humanoid robots at once. The facility features an impressive array of over a dozen specialized training scenarios, including welding, manufacturing and automotive testing.

STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS – SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW

Advertisement

These advanced robots have showcased exceptional proficiency, with an average success rate exceeding 90% in various tasks. Their capabilities range from organizing desks and sorting items to operating complex equipment, demonstrating the potential for widespread application across multiple industries. This remarkable achievement underscores the rapid progress being made in the field of humanoid robotics and highlights China’s growing prominence in artificial intelligence and automation technologies.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

training robots 2

Humanoid robots being trained (Humanoid Robot Kylin Training Ground)

WAREHOUSE ROBOT USES AI TO PLAY REAL-LIFE TETRIS TO HANDLE MORE THAN EVER BEFORE 

How the facility is helping China tackle tech challenges and aging population

The training facility aligns with China’s broader strategy to address multiple challenges, including global tech competition and the complexities of an aging society. By 2027, the center aims to train 1,000 general-purpose robots simultaneously, with plans to collect 10 million high-quality physical data entries through collaborations with local robot manufacturers.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

Advertisement
training robots 3

Humanoid robots being trained (ShanghaiEye)

WILLING TO PAY $175,000 FOR A LIFE-SIZE ROBOT FRIEND THAT REMEMBERS EVERYTHING ABOUT YOU?

China’s next-gen robot ready to slither into the future

The center is preparing to introduce the 2.0 version of its humanoid robot, “Deep Snake,” which will showcase advanced technologies like linear joint actuators. This means the robot will have smoother, more precise movements. Linear joint actuators are like advanced motors that allow the robot’s joints to move in a straight line, giving it more fluid and controlled motions. It’s a big step forward in making robots that can perform a wider range of tasks with greater accuracy and efficiency. These innovations are expected to enhance the versatility and performance of humanoid robots, further solidifying China’s leadership in the robotics industry.

training robots 4

Humanoid robot being trained (ShanghaiEye)

ROBOTIC DOG HELPS THOSE FACING MENTAL HEALTH AND COGNITIVE CHALLENGES

The potential and economic impact of the humanoid robot market

The Chinese humanoid robot market is experiencing explosive growth, showcasing the country’s rapid advancement in this cutting-edge technology sector. In 2024, the market was valued at $379 million, demonstrating significant initial traction. Looking ahead, projections indicate a remarkable expansion to approximately $2.3 billion by 2025, based on current exchange rates. Even more impressive is the anticipated growth to about $11.8 billion by 2030, highlighting the immense potential of this industry. The development extends beyond industrial applications, with plans for the first World Humanoid Robot Sports Games and even a marathon-running robot named “Tiangong” set to compete in April.

Advertisement

BEST PRESIDENT’S DAY DEALS

training robots 5

Humanoid robots being trained (ShanghaiEye)

Kurt’s key takeaways

China’s investment in the Humanoid Robot Kylin Training Ground is a strategic move to reshape industrial capabilities, address societal challenges and position the country at the forefront of global innovation. As the technology continues to evolve, the world will be watching closely to see how these advanced robots will transform various sectors and potentially redefine human-machine interaction.

Do you think humanoid robots are the solution to tomorrow’s workforce challenges or the beginning of a technological transformation where humans are replaced? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Advertisement

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Advertisement

Continue Reading

Technology

Everything we think we know about the next iPhone SE

Published

on

Everything we think we know about the next iPhone SE

Apple has confirmed a product launch on February 19th, and we think it’ll be the new iPhone SE. That could mark a major shake-up to the company’s affordable iPhone line, adding in Face ID and killing off the classic home button.

We don’t expect Apple to hold a full launch event for the new SE, instead simply announcing the phone on its website. When the company has done this in the past, it’s tended to favor announcements at 9AM ET, so set your alarm clock now if you don’t want to miss the news.

We have a pretty good idea of what’s coming after months of leaks and rumors, so here’s everything we expect to see next week.

There won’t be a home button…

The biggest change is that Apple is upending the iPhone SE’s design, after leaving it broadly unchanged since the series’ inception in 2016. The 2022 SE is the last iPhone still using a home button, with a thick bezel around the top and bottom of the screen. But rumors say Apple will now ditch the button, slim the bezel, and add Face ID.

Advertisement

The result will be a phone that looks like the iPhone 14 from the front. Like that phone, it’s expected to place its Face ID sensors in a notch, rather than using the less obtrusive Dynamic Island design that was introduced in the 14 Pro and has been used in every iPhone since then. Apple can’t resist keeping its SE series just a little behind the times.

We’ve seen the notched design in a video shared by the leaker Majin Bu, which shows them handling what is likely a nonfunctional dummy unit, used by case manufacturers to design and test their accessories.

Case manufacturer Spigen also showed off renders of the phone when it accidentally published a listing early for one of its cases for the phone. The product page has been taken down, but not before GSMArena grabbed images that closely match the device shown in the video above.

…but there will be an Action button

Bu’s video and Spigen’s images both suggest that the SE 4 will include a customizable Action button, but not the Camera Control introduced on the iPhone 16.

Advertisement

Like other SE models, it also appears to stick to a single rear camera. One leaked spec list suggests that the SE will use a 48-megapixel sensor on the rear, with a 12-megapixel selfie camera on the front, but this is an area where there have been few reports so far.

It’s not going to be a small phone

The redesign will allow the 2025 SE to have a larger screen than the 4.7-inch panel used by the 2022 model. It’s expected to instead use a 6.1-inch display, the same size as the standard iPhone 16, and will also upgrade to OLED.

The bigger screen means the phone as a whole will be larger than any previous iPhone SE, and there will no longer be any iPhone smaller than the standard model. If we assume the new phone will have similar dimensions to the iPhone 16, then it could be 9mm taller than the 2022 SE and weigh about 25g more.

Lightning is out, USB-C is in

Advertisement

It’s pretty much certain that the phone will have a USB-C port rather than Lightning, allowing it to once again be sold in the EU. The previous SE model was discontinued in EU markets, along with every other iPhone using a Lightning port.

It’ll be one of the most powerful iPhones around

On the inside, Bloomberg reports that the phone will use the same A18 chip as the iPhone 16 and 16 Pro models. That’s the same approach Apple has used for its last two SE phones, which have paired the latest silicon with more dated designs. The A18 is expected to be combined with an increase to 8GB of RAM, the minimum required to run Apple Intelligence, the company’s AI tools that provide notification summaries and other functionality and are now enabled by default. That would all make it more powerful than 2023’s iPhone 15.

It will even beat this year’s iPhone 17 series to feature Apple’s first in-house 5G modem, replacing the Qualcomm components that iPhones have used in the past. Apple has been developing its own modems for over half a decade, but Bloomberg warns that the first iteration is a “downgrade” from the modem in the latest flagship iPhones and won’t support mmWave 5G, only sub-6 — though that was true of the last iPhone SE, too.

Tim Cook has teased a new “member of the family,” arriving on February 19th, and we’re pretty sure that’s the new SE.

Advertisement

Bloomberg predicts a price of “roughly $500,” higher than the 2022 model’s starting price of $429. That may be offset by a default storage spec of 128GB, meaning there would no longer be any 64GB iPhone on the market.

There’s also a possibility that it won’t be called the iPhone SE after all. Two leakers have predicted that it will instead be called the iPhone 16E, though, since the SE name has popped up more often, we think that’s still more likely.

We won’t have long to wait to find out for sure. The SE would be the first of several big iPhone launches this year, with Apple tipped to reveal a slimmer iPhone 17 Air as well as “major updates” to the iPhone 17 and iPhone 17 Pro.

Update, February 13th: Added mention of Apple’s teaser for an announcement on February 19th.

Advertisement
Continue Reading

Technology

Screenshot-scanning malware discovered on Apple App Store in first-of-its-kind attack

Published

on

Screenshot-scanning malware discovered on Apple App Store in first-of-its-kind attack

Every tech expert will tell you the App Store is safer than Google Play Store. Some might even claim it is impossible to download a malicious app from the App Store, but they are wrong. 

While I admit the App Store is a secure and tightly controlled ecosystem, it cannot completely shield you. Security researchers have found that hackers are targeting several apps on the App Store to spread malware that steals information from screenshots saved on a device. 

The issue also affects those downloading apps from the Google Play Store.

STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS — SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW

A person holding an iPhone. (Kurt “CyberGuy” Knutsson )

Advertisement

How the malware works and what makes it different

According to researchers at Kaspersky, this malware campaign is more advanced than typical info stealers, both in how it works and how it spreads. Instead of relying on social engineering tricks to get users to grant permissions like most banking trojans or spyware, this malware hides inside seemingly legitimate apps and slips past Apple and Google’s security checks.

One of its standout features is Optical Character Recognition. Instead of stealing stored files, it scans screenshots saved on the device, extracts text and sends the information to remote servers.

Once installed, the malware operates stealthily, often activating only after a period of dormancy to avoid raising suspicion. It employs encrypted communication channels to send stolen data back to its operators, making it difficult to trace. Plus, it spreads through deceptive updates or hidden code within app dependencies, an approach that helps it evade initial security screenings by app store review teams.

The infection vectors vary between Apple and Google’s ecosystems. On iOS, the malware is often embedded within apps that initially pass Apple’s rigorous review process but later introduce harmful functionality through updates. On Android, the malware can exploit sideloading options, but even official Google Play apps have been found to carry these malicious payloads, sometimes hidden within SDKs (software development kits) supplied by third-party developers.

Messaging app

Messaging app in the App Store designed to lure victims.

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

Advertisement

What’s being stolen, and who’s responsible?

The scope of stolen information is alarming. This malware primarily targets crypto wallet recovery phrases but is also capable of exfiltrating login credentials, payment details, personal messages, location data and even biometric identifiers. Some versions are designed to harvest authentication tokens, allowing attackers to access accounts even if users change their passwords.

The apps serving as malware carriers include ComeCome, ChatAi, WeTink, AnyGPT and more. These range from productivity tools to entertainment and utility apps. In some cases, malicious developers create these apps with full knowledge of the malware’s purpose. In others, the issue appears to be a supply chain vulnerability, where legitimate developers unknowingly integrate compromised SDKs or third-party services that introduce malicious code into their applications.

We reached out to Apple for a comment but did not hear back before our deadline. 

App Store

Messaging app in the App Store designed to lure victims. (Kaspersky)

Apple’s response to screenshot-scanning malware discovered in App Store

Apple has removed the 11 iOS apps mentioned in Kaspersky’s report from the App Store. Furthermore, they discovered that these 11 apps shared code signatures with 89 other iOS apps, all of which had been previously rejected or removed for violating Apple’s policies, resulting in the termination of their developer accounts.

Apps requesting access to user data such as Photos, Camera or Location must provide relevant functionality or face rejection. They must also clearly explain their data usage when prompting users for permission. iOS privacy features ensure users always control whether their location information is shared with an app. Also, starting in iOS 14, the PhotoKit API — which allows apps to request access to a user’s Photos library — added additional controls to let users select only specific photos or videos to share with an app instead of providing access to their entire library. 

Advertisement

The App Store Review Guidelines mandate that developers are responsible for ensuring their entire app, including ad networks, analytics services and third-party SDKs, complies with the guidelines. Developers must carefully review and choose these components. Apps must also accurately represent their privacy practices, including those of the SDKs they use, in their privacy labels.

In 2023, the App Store rejected over 1.7 million app submissions for failing to meet its stringent privacy, security and content standards. It also rejected 248,000 app submissions found to be spam, copycats or misleading and prevented 84,000 potentially fraudulent apps from reaching users.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

What Google is doing to stop malware 

A Google spokesperson tells CyberGuy: 

“All of the identified apps have been removed from Google Play and the developers have been banned. Android users are automatically protected from known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services.”

Advertisement

However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices. Here’s why:

What Google Play Protect can do:

  • Scans apps from the Google Play Store for known threats.
  • Warns you if an app behaves suspiciously.
  • Detects apps from unverified sources (sideloaded APKs).
  • Can disable or remove harmful apps.

What Google Play Protect can’t do:

  • It does not provide real-time protection against advanced threats like spyware, ransomware or phishing attacks.
  • It does not scan files, downloads or links outside of Play Store apps.
  • It may miss malware from third-party app stores or sideloaded apps.
  • It lacks features like VPN protection, anti-theft tools and privacy monitoring.
password

Image of a person typing in their password on screen. (Kurt “CyberGuy” Knutsson)

HOW SCAMMERS USE YOUR PERSONAL DATA FOR FINANCIAL SCAMS AND HOW TO STOP THEM

5 ways users can protect themselves from such malware

1. Use strong antivirus software: Installing strong antivirus software can add an extra layer of protection by scanning apps for malware, blocking suspicious activity and alerting you to potential threats. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Stick to trusted developers and well-known apps: Even though malware has been found in official app stores, users can still minimize their risk by downloading apps from reputable developers with a long track record. Before installing an app, check its developer history, read multiple reviews and look at the permissions it requests. If an app from an unknown developer suddenly gains popularity but lacks a strong review history, approach it with caution.

Advertisement

3. Review app permissions carefully: Many malicious apps disguise themselves as legitimate tools but request excessive permissions that go beyond their stated purpose. For example, a simple calculator app should not need access to your contacts, messages or location. If an app asks for permissions that seem unnecessary, consider it a red flag and either deny those permissions or avoid installing the app altogether. Go to your phone settings and check app permissions on your iPhone and Android

4. Keep your device and apps updated: Cybercriminals exploit vulnerabilities in outdated software to distribute malware. Always keep your operating system and apps updated to the latest versions, as these updates often contain critical security patches. Enabling automatic updates ensures that you stay protected without having to manually check for new versions.

5. Be wary of apps that promise too much: Many malware-infected apps lure users by offering features that seem too good to be true — such as free premium services, extreme battery optimizations or AI-powered functionality that appears unrealistic. If an app’s claims sound exaggerated or its download numbers skyrocket overnight with questionable reviews, it’s best to avoid it. Stick to apps with a transparent development team and verifiable functionalities. 

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET 

Kurt’s key takeaway

The new malware campaign highlights the need for stricter vetting processes, continuous monitoring of app behavior post-approval and greater transparency from app stores regarding security risks. While Apple and Google have removed the malicious apps upon detection, the fact that they made it onto the platform in the first place exposes a gap in the existing security framework. As cybercriminals refine their methods, app stores must evolve just as quickly or risk losing the trust of the very users they claim to protect.

Advertisement

Do you think app stores should take more responsibility for malware slipping through? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Advertisement

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Continue Reading

Trending