Cyber Threat Intelligence (CTI) Report: Gravy Analytics Data Breach by “Nightly”
RONIN OWL CTI
Date: January 7, 2025
Incident Overview: On January 5, 2025, a cyber threat actor identified as “Nightly” released a substantial amount of sensitive data allegedly exfiltrated from Gravy Analytics, a prominent location data company. This data breach has far-reaching implications for privacy, corporate security, and the location data industry.
Key Details of the Incident:
- Threat Actor: Nightly
- Initial Leak Date: January 5, 2025
- Data Volume: 10TB of internal data
- Leak Trigger: A failed extortion attempt (“The company has 24 hours to respond, or we will start publishing the data”)
- Published Data Sample: Thousands of files, including:
  - The company’s entire 1000+ customer base.
  - AWS secrets and plaintext passwords for critical infrastructure.
  - Samples of location data being sold by Gravy Analytics.
Nature of the Stolen Data:
- Corporate Information:
  - Detailed customer information from over 1000 clients.
  - Internal communications and business strategies.
  - Credentials for AWS infrastructure stored in plaintext, exposing the company’s cloud-based resources.
- Location Data:
  - Data collected from over 10,000 Android applications, including:
    - GPS locations.
    - IP addresses.
    - User agents.
    - Other metadata from millions of devices.
  - Historical tracking data spanning years, enabling detailed monitoring of individuals’ movements.
Implications of the Breach:
- Privacy Risks:
  - The leaked location data allows malicious actors to track tens of millions of people.
  - Potential for targeted surveillance, stalking, and other abuses.
  - Exposure of sensitive locations such as homes, workplaces, medical facilities, and places of worship.
- Corporate Impact:
  - Severe reputational damage for Gravy Analytics.
  - Potential regulatory scrutiny and legal actions due to mishandling of sensitive information.
  - Risk to clients and partners relying on the company’s services.
- Industry-Wide Consequences:
  - Increased scrutiny of the data brokerage industry.
  - Potential for stricter regulations and compliance requirements.
  - Erosion of public trust in location data providers.
Recommendations:
For Gravy Analytics:
- Immediately engage cybersecurity experts to assess the scope of the breach and secure infrastructure.
- Notify affected clients and users promptly in compliance with data breach notification laws.
- Conduct a full audit of internal security practices, especially regarding credentials and access management.
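One concrete starting point for the credential audit recommended above, added here as an example and not taken from the report or from Gravy Analytics: a small scanner that flags AWS access key IDs, AWS secret keys and plaintext password assignments in configuration text, reporting only redacted values so the audit output does not become a second leak. The sample config, its key names and its values are constructed placeholders.

```python
import re
from dataclasses import dataclass

# Detection patterns: AWS long-term (AKIA) and temporary (ASIA) access key IDs,
# a 40-character secret next to its config key name, and password assignments.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"aws_secret_access_key\s*[=:]\s*[\"']?([A-Za-z0-9/+=]{40})", re.IGNORECASE
    ),
    "plaintext_password": re.compile(
        r"(?:password|passwd|pwd)\s*[=:]\s*[\"']?([^\s\"']+)", re.IGNORECASE
    ),
}


@dataclass(frozen=True)
class Finding:
    kind: str
    line_no: int
    redacted: str  # never store or print the full secret in audit output


def redact(value: str) -> str:
    # Keep a short prefix so a reviewer can correlate the hit with the source
    # record without the audit report itself exposing the credential again.
    return value[:4] + "*" * (len(value) - 4) if len(value) > 4 else "****"


def scan_text(text: str) -> list[Finding]:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                value = match.group(1) if match.groups() else match.group(0)
                findings.append(Finding(kind, line_no, redact(value)))
    return findings


# Constructed sample config (hypothetical; the key values are placeholders).
SAMPLE_CONFIG = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
db_password = hunter2-not-a-real-password
api_timeout = 30
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.kind} -> {f.redacted}")
```

Run it over exported config files, repositories and CI variables; a hit on a long-term AKIA key is a signal that the credential should be rotated and moved to a secrets manager or short-lived role credentials.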
For Individuals:
- Be cautious about sharing location services with mobile applications.
- Review and adjust app permissions to minimize unnecessary data sharing.
- Monitor for unusual activity or signs of targeted surveillance.
For Organizations:
- Ensure vendors adhere to robust security standards for handling sensitive data.
- Conduct third-party risk assessments regularly.
- Advocate for stronger legislative frameworks to govern data collection and usage.
Conclusion:
The Gravy Analytics breach orchestrated by “Nightly” underscores the critical vulnerabilities within the data brokerage sector. The staggering scale of leaked information highlights the urgent need for comprehensive security measures, both at organizational and industry levels, to protect sensitive user data and mitigate the risks of similar breaches in the future.