News: 0175847119


Hackers Claim Massive Breach of Location Data Giant, Threaten To Leak Data (404media.co)

(Tuesday January 07, 2025 @05:40PM (msmash) from the high-stakes dept.)


Hackers claim to have [1] compromised Gravy Analytics, the parent company of Venntel, which has sold masses of smartphone location data to the U.S. government. 404 Media:

> The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show people's precise movements, and they are threatening to publish the data publicly.

>

> The news is a crystalizing moment for the location data industry. For years, companies have harvested location information from smartphones, either through ordinary apps or the advertising ecosystem, and then built products based on that data or sold it to others. In many cases, those customers include the U.S. government, with arms of the military, DHS, the IRS, and FBI using it for various purposes. But collecting that data presents an attractive target to hackers.



[1] https://www.404media.co/hackers-claim-massive-breach-of-location-data-giant-threaten-to-leak-data/



new law needed (Score:3)

by jriding ( 1076733 )

If you harvest data and sell or make money off of it, and it is breached, the C-suite gets 10 years in prison.

Re: (Score:2)

by Tablizer ( 95088 )

New "Law" Needed: Cruise Missile up hackers' asses

Re: (Score:2)

by jonwil ( 467024 )

Ukraine seems to be putting some of it to good use unaliving a lot of Russians...

Balance Needed (Score:4, Interesting)

by Roger W Moore ( 538166 )

You need to apply some balance to that. In cases where a company has not followed industry standard security procedures appropriate to the data being stored then sure. But if they have taken appropriate security measures but got hacked by, for example, a state-sponsored group with considerable know-how and resources then even the best security measures are not going to protect your data and it's hard to blame the company for that any more than you would blame a bank for being robbed.

However, regardless of fault all companies should be held financially liable for the damage caused by any release of any data that they store and perhaps required to carry appropriate liability insurance. That will ensure they have an insurance company breathing down their necks to keep data secure in a way that's probably far more effective and far reaching than any criminal law could ever be.

Re: (Score:2)

by Alinabi ( 464689 )

Requiring that they follow "industry standards" would only encourage the industry to lower its standards below rock bottom. How about requiring that they follow standards specified in the law, such as "all internet facing software must be formally verified to be free of defects that would allow privilege escalation or circumvention of access controls", in addition to no liability shielding. Full liability for damages caused by their product should be something that applies to all software companies, just l

Data mining (Score:2)

by Baron_Yam ( 643147 )

You could get a lot of blackmail material with some smart analysis - find men and women with the same last name who are together most nights... Then look for hookups and massage parlour visits.

Or maybe look up crime maps (some police forces publish the data) and find people who seem to be at crime scene more than once. You'll get a list of cops and criminals, and from there where they live and who their friends are. Each list profitable in its own way.

Re: (Score:2)

by EvilSS ( 557649 )

Hopefully if it does leak they will target politicians and we might get some laws banning these location broker businesses completely.

Ah hell, who am I kidding, they will just mandate special opt-outs for themselves and fuck everyone else.

Re: (Score:2)

by Sloppy ( 14984 )

> Hopefully if it does leak they will target politicians and we might get some laws banning these location broker businesses completely.

This is the way. The Bork Tapes led to the Video Privacy Protection Act.

Anyone know what it would cost, to hire Locate X (or something like it) to generate daily reports of the movements of everyone in Congress and SCOTUS?

Re: (Score:2)

by nightflameauto ( 6607976 )

>> Hopefully if it does leak they will target politicians and we might get some laws banning these location broker businesses completely.

> This is the way. The Bork Tapes led to the Video Privacy Protection Act.

> Anyone know what it would cost, to hire Locate X (or something like it) to generate daily reports of the movements of everyone in Congress and SCOTUS?

My guess is the Go Fund Me page for that one would make enough to cover it before the government forced it to be shut down.

Re: (Score:2)

by ctilsie242 ( 4841247 )

You can also use the data to find gatherings, even underground ones, perhaps send someone as an agent provocateur to stir things up, so a quiet rally turns into a riot.

Extortion and blackmail definitely come to mind, especially if two people are found to have been in the same room at a hotel at the same time.

Don't forget physical job interviews. A lot of companies would love to know if someone takes a sick day and is off interviewing at UAC.

Problem is that if info is gathered, eventually it will be hacked.

Re: (Score:2)

by blastard ( 816262 )

Finally that Jessica Fletcher will be exposed for "coincidentally" being at murder scenes time and time again.

No data in, no data out (Score:2)

by Rosco P. Coltrane ( 209368 )

That's why GPS is turned off unless I absolutely need it, and my cellphone spends 90% of its time in airplane mode.

The sumbitches can't lose data they don't have.

Re: (Score:2)

by Baron_Yam ( 643147 )

If you use Android, I believe Google was caught interpreting 'location services off' as 'cache it and do a burst transmission the next time the user turns the service on'.

Re: (Score:2)

by snowshovelboy ( 242280 )

ok but how is the mcdonalds app going to know what mcdonalds I am at without GPS?

Between a Rock and a Hard Place? (Score:1)

by Monster_user ( 5075027 )

Data is the new oil, or so they used to say. However, is this hacking pirates seeking quick riches, or is this a psy-op of a nation state seeking to force another to build a wall?

My first reaction is that these hackers are likely not domestic, the article requires a login and the readable portion without such does not credit a group behind this breach. If the hackers are not domestic, then my next thought is whether there should be an air-gapped solution separating risk sectors? A "Great Firewall" between

Location data collection should be illegal... (Score:2)

by jonwil ( 467024 )

It should be illegal for companies to collect, store and (ab)use this kind of location data.

app tracking protection (Score:2)

by ZipNada ( 10152669 )

They get the location data from apps on your phone that periodically grab all the info they can get their hands on and export it to multiple tracking companies that pay money for it. I know this because it is blocked on my phone and I can see what they want to send and where it would go.

If you have an Android phone you can prevent the tracking. Install the duckduckgo app, go to settings and turn on application tracking protection. It instantiates a local VPN that filters all the network traffic and blocks t
