Threat Intelligence Firm HYAS Accused Of Buying App Data That Can Track Users To Their Homes
Private threat analysis and mitigation company, HYAS, is buying user data from phone apps to try to track hackers. A major side-effect of this, though, is that regular users are possibly being ensnared and HYAS claims they can track people to their “doorstep.”
The collection of user data has long been a problem for everyone. Only recently was TikTok discovered collecting user data, which put their parent company, Bytedance, under scrutiny. By and large, the data collected is anonymous. However, when it is not collected anonymously, it can be used to track specific people accurately.
HYAS, the threat intelligence company, is now offering tools to track people for threat intelligence purposes. With the example HYAS had in a webinar, they used location data to track a suspect down. They were able to get down to an apartment building level and we able to get specific house information, name, cellphone and other information. Simply put, this usage of data and availability of personably identifiable information (PII) is insanity. Presumably, the vast amounts of data contain data about everyone, as apps do not selectively collect data.
An anonymous source to Vice said that “As a TI [threat intelligence] tool it's incredible, but ethically it stinks." According to the LinkedIn page for the HYAS CEO, “We track threat actors and other bad guys down to their physical doorstep for customers and clients.” It is likely though that this data is not limited to “threat actors” and “bad guys.” No matter what, private data collection can raise ethics issues and concerns as it affects everyone, as we said earlier that apps do not selectively collect data.
Overall, this news that Vice broke is scary. It is now public information that private companies can track people through data collection. This tracking can be shared and used by other companies and government entities as well. Senators and representatives need to be made highly aware of this else we face mass invasions of privacy from any bad actor who gets access to systems like this. If you want to view the datasheet on this system, you can do so here. Let us know in the comments below how you feel about this level of tracking.
(Webinar imagery courtesy of Vice)