How apps you use got hijacked into selling your location

Playing Candy Crush, swiping left on a dating app and checking your Yahoo inbox shouldn’t expose your location. I say shouldn’t, but those apps and thousands more were likely hijacked by data brokers who turned your personal info into cash.

Now, cybercriminals on the Dark Web have access to the location information of tens of millions of people. I’ll explain how this happened and share my secret weapon for fighting this kind of privacy invasion.

🔎 Whodunnit?

It all started with Gravy Analytics, a data broker that tracks over a billion devices worldwide. (They also own Venntel, which sells info to U.S. government agencies like the FBI and IRS.) A Russian hacker wormed into Gravy’s records, stealing 1.4 gigabytes of info.

▶️ That data includes over 30 million location points. 404 Media (paywall link) investigated the breach and found the shocking way they obtained your whereabouts.

This is clever (and super sketchy)

When you open a site or app, there’s a millisecond-long auction to decide the ads you see. The process is called real-time bidding (RTB), and it’s based on, among other things, all the data points they have about you and what you’re most likely to buy.

RTB collects enough information to make sure the right people are seeing an ad, and data brokers are in those auctions, too, with another purpose: To snag your info. The scummiest part is they don’t even need to buy any ads to do it.

The Gravy Analytics leak data shows thousands of apps gathered your location data. The working theory is they collected RTB data themselves or bought it from other data-broker companies.

Who’s on this list?

The list is long, and I’ll get to the specifics. Some apps, like Tinder, say they’ve never worked with Gravy Analytics. (I’ve heard that excuse before.) But if the info came from RTB, that’s in the advertising ecosystem, not the app’s code.

Really, that’s worse in some ways. This type of location tracking is happening through apps whether or not developers explicitly OK it. This includes:

Continue reading

Keep hackers out of your online life

Cybercriminals never stop coming up with ways to steal your info, so I’m always on the hunt for tools that make your digital life safer. One of their sneakiest tricks? Keyloggers.

Keyloggers secretly record every single thing you type — passwords, credit card numbers, private messages, you name it. They send your info straight to the person controlling the malware, giving them a backstage pass to your life.

Continue reading

I warned you about this months ago: If you get a text from E-ZPass or SunPass about unpaid tolls, fines or legal trouble, delete it. Chinese cybercriminals are behind a campaign sending fake messages across America. Click the link and you’ll land on a copycat site of a real toll services company, ready to steal your payment info. Never follow a link to pay a bill; go to the official site yourself.

60 million

Students and teachers impacted by a massive software breach. PowerSchool, used by 16,000 schools for grades and administration, was hacked. Cybercriminals got Social Security numbers, medical records and home addresses. In some cases, the data went back to the ‘80s. You should get a call if your info is impacted.

It’s not just bogus calls and emails

Imagine getting a call from what looks like your bank’s number, warning you about suspicious activity on your account. The caller knows just enough to make you trust them. It’s all a lie, and you’re screwed if you don’t realize that soon enough.

Continue reading

The crypto investment scam that’s all over social media

I’m all about using AI to get stuff done. No kidding, I use ChatGPT every day to shortcut planning and organize my work and my life.

You know who else loves AI? Cybercriminals. A new scam powered by deepfakes is all over social media. Too many people have fallen for it and lost millions of dollars in the process. I’ve got the dirty details so you don’t become a victim, too.

Continue reading

Security tip: Next time you stay at a hotel, turn on your VPN

Did you know the average American spends more than 24 hours each week online? That is a considerable chunk of time.

If you’re one of many with multiple devices regularly accessing the internet, you probably know you need a secure connection to protect sensitive data. A virtual private network or VPN is the best way to do this.

Continue reading

40% increase

In phishing attacks, thanks to one trick. Cybercriminals buy up super-cheap and easy-to-register domain extensions like .shop, .top, .xyz, .vip and .club. If you see one, move on.

🚨 Netflix renewal scam: Cybercriminals are sending fake Netflix texts claiming your account’s about to be suspended. They’ll say there was an “issue processing your payment” or a “failure in your recent payment” and ask you to sign in through a link. It’s just a trick to steal your login details and credit card info. Don’t fall for it.

iScam, you scam: Cybercriminals are sending fake emails claiming your Apple ID is suspended, urging you to click a link to “verify” your info. Don’t fall for it. Apple never asks for sensitive info via email.

📶 Let go: D-Link’s VPN routers have hit their end-of-life, making it an easy way for hackers to enter your network. No security patches are coming. If cybercriminals get in, they can spy on your activity and steal your passwords or credit card info. Unsure if you’re affected? Contact D-Link.

Security tip: 3 dumb mistakes putting you at risk online

There are countless cybersecurity threats you need to watch out for. The AV-TEST Institute says it detects over 450,000 new malicious programs every day.

We’ve compiled some easy mistakes you could be making right now. You may discover a weakness that puts your digital life in danger. Thanks to our sponsor, TotalAV, you can scroll down to stay safe!

Continue reading

Yes, you can add a VPN to your TV - Here are a few reasons you should

You can use many methods to protect against cyberattacks, including strong passwords, antivirus software, a virtual private network (VPN), privacy-focused browsers and more. Tap or click here for our list of essential privacy tools that help you stay safe online.

Continue reading

📨 You’ve hit the scan-pot! Cybercriminals are sending paper letters to launch new phishing attacks. They’re including QR codes to download a weather app that — you guessed it — unleashes malware to steal sensitive data, like banking info. PSA: Don’t scan random QR codes.

Area codes and numbers that are probably spam

Whew, the election’s over. The onslaught of robocalls and texts is over, too … right? Nope.

There are fewer political calls and messages, sure, but there are always scammers and spammers. It may be easier for these creeps to get a hold of us now that our phones aren’t constantly lighting up with election-related notifications.

Continue reading

Protect all your devices with the best antivirus software

When it comes to antivirus software, there’s no better choice than our sponsor, TotalAV. For one, it’s available for your phone and computer, so all your devices are protected.

This security suite protects all your devices from the scariest online threats, such as ransomware, spyware, adware and (of course) malware. Its WebShield browser extension provides advanced protection against malicious websites and even blocks bad guys from stealing your data.

Continue reading

Working the system: Cybercriminals are using hacked government and law enforcement email addresses to request customer data from Big Tech companies. Police usually need a search warrant for files and messages, but for basic details like phone numbers, login credentials and approximate locations, a request is all it takes.

Console yourself; it’s game over: Malware called Winos4.0 is targeting Windows gamers. It sneaks in through infected third-party game mods. Once it’s on your system, cybercriminals play their own games, looking for crypto and taking screenshots of what you do so they can blackmail you. PSA: Skip the mods.

🚨 Don’t fall for it: Cybercriminals are sending emails that lead to an “I am not a robot” CAPTCHA. Click the checkbox and you’ll see a prompt to press “Win + R,” which opens the command prompt on a Windows computer. Their final request: “Paste in this code.” It’s malware. The links can look like anything, so be on the lookout for this trick.

Protect up to 5 devices from malware, viruses and more - Just $20 for an entire year

There’s nothing wrong with looking for ways to save money. Cutting back on things like your cable or electric bill is just good business. But you need to be smart about where to cut corners. Protecting your devices and critical files should not be skimped with all the cybercriminals and digital threats lurking.

Continue reading