Data Broker Hack Exposes Location Info From Millions of iPhone Users

by

Data broker Gravy Analytics has been hacked, and location information from millions of iPhone and Android users is at risk, reports TechCrunch. Gravy Analytics' parent company Unacast disclosed the data breach earlier this month [PDF], and said that its AWS cloud storage environment had been accessed by an unauthorized person using a "misappropriated access key."

apple security banner
"Some files" were obtained, and preliminary findings suggest those files "could contain personal data" collected from users of third-party services that use Gravy Analytics. According to 404Media, hackers are claiming to have customer lists and location data from smartphones that shows peoples' precise movements, with millions of users affected. Some of that data, which does indeed include the historical location of smartphones, has been published on private forums.

Gravy Analytics says that it tracks more than a billion devices around the world daily, and security researchers that saw a sample of the data collected by Gravy Analytics confirmed that the information can be used to track a person's recent locations, with no anonymization.

In December, the United States Federal Trade Commission (FTC) prohibited Gravy Analytics and its subsidiary Venntel from selling, disclosing, or using sensitive location data in any product or service. The FTC warned that the two companies exposed consumers to privacy harms that could include disclosure of health information, political activity, and religious practices, and put people at risk of stigma, discrimination, violence and other harms.

The order required Gravy Analytics to delete all historic location data and any data products developed using data collected from consumers, but it was apparently too late because the company's systems had likely already been breached at the time.

Gravy Analytics collects location data through a real-time ad bidding process that allows companies competing to buy an ad to see customer IP address and more precise location data if enabled. Gravy Analytics' database had location data from ‌iPhone‌ apps that include FlightRadar, Grindr, and Tinder, and while the apps did not have a direct relationship with the data broker, user location information was collected through their ads.

Turning off app tracking in the Privacy and Security section of the ‌iPhone‌'s Settings app keeps ads from being able to obtain a unique device identifier to link location data to a specific device, and preventing apps from using precise location data is also a way to preserve more privacy.

Baptiste Robert, CEO of security firm Predicta Lab, told TechCrunch that ‌iPhone‌ users that had app tracking disabled did not have their data shared.

Popular Stories

Verizon New

Verizon is Down: iPhones Show 'SOS' Mode Due to Network Outage [Resolved]

Wednesday January 14, 2026 10:18 am PST by
Verizon is experiencing a major outage across the U.S. today, with hundreds of thousands of customers reporting issues with the network on the website Downdetector. There are also complaints across Reddit and other social media platforms. iPhone users and others with Verizon service are generally unable to make phone calls, send text messages, or use data over 5G or LTE due to the outage....
Read Full Article143 comments
iPhone Top Left Hole Punch Face ID Feature Purple

New Leak Reveals iPhone 18 Pro Display Sizes, Under-Screen Face ID, and More

Wednesday January 14, 2026 7:09 am PST by
While the iPhone 18 Pro models are still around eight months away, a leaker has shared some alleged details about the devices. In a post on Chinese social media platform Weibo this week, the account Digital Chat Station said the iPhone 18 Pro and iPhone 18 Pro Max will have the same 6.3-inch and 6.9-inch display sizes as the iPhone 17 Pro and iPhone 17 Pro Max. Consistent with previous...
Read Full Article64 comments
iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Launching Later This Year With These 12 New Features

Thursday January 15, 2026 10:56 am PST by
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another eight months, there are already plenty of rumors about the devices. Below, we have recapped 12 features rumored for the iPhone 18 Pro models, as of January 2026: The same overall design is expected, with 6.3-inch and 6.9-inch display sizes, and a "plateau" housing three rear cameras Under-screen Face ID...
Read Full Article70 comments
2024 iPhone Boxes Feature

Apple Adjusts Trade-In Values for iPhones, Macs, and More

Thursday January 15, 2026 11:19 am PST by
Apple today updated its trade-in values for select iPhone, iPad, Mac, and Apple Watch models. Trade-ins can be completed on Apple's website, or at an Apple Store. The charts below provide an overview of Apple's current and previous trade-in values in the United States, according to the company's website. Most of the values declined slightly, but some of the Mac values increased. iPhone ...
Read Full Article54 comments
maxresdefault

Google Gemini-Powered Siri Will Reportedly Have These 7 New Features

Tuesday January 13, 2026 7:52 pm PST by
Apple and Google this week announced that Gemini will help power a more personalized Siri, and The Information has provided more details. Subscribe to the MacRumors YouTube channel for more videos. As soon as this spring, the report said the revamped version of Siri will be able to… Answer more factual/world knowledge questions in a conversational manner Tell more stories Provide...
Read Full Article228 comments

Top Rated Comments

john123 Avatar
john123
13 months ago
I feel like this story ignores the larger point.

Gravy is far from the only player in this market. Who you are and where you’ve been is data that’s collected, harvested, and used all the time.

A hack means that more people have access to that data who shouldn’t. Yeah, that’s not good. But there are thousands of companies that have some of this data on you because they collected it — or paid for it — “legally.” That should be disconcerting for many people.
Score: 50 Votes (Like | Disagree)
Razorpit Avatar
Razorpit
13 months ago
In other words, ads are far more of a nuisance than we ever imagined possible.
Score: 45 Votes (Like | Disagree)
rp2011 Avatar
rp2011
13 months ago
It's only a matter of time until personal data collection becomes illegal to collect. It has been shown time and again that none of them can protect the user and, on the contrary, do a lot of harm.
Score: 18 Votes (Like | Disagree)
DrPeril Avatar
DrPeril
13 months ago
> apps that include FlightRadar, Grindr, and Tinder

Ok... what about a complete list of Apps so people can at least gain some idea of their level of exposure...
Score: 16 Votes (Like | Disagree)
oneMadRssn Avatar
oneMadRssn
13 months ago

Turning off app tracking in the Privacy and Security section of the iPhone's Settings app keeps ads from being able to obtain a unique device identifier to link location data to a specific device, and preventing apps from using precise location data is also a way to preserve more privacy.
I also highly recommend people get an ad and tracker blocking DNS set up to further block such things on all devices and websites. The easiest is NextDNS ('https://nextdns.io/?from=3s7h3d98'), which is the best $20/year I spend probably. Other more complex solutions are PiHole or AdGuard Home.
Score: 14 Votes (Like | Disagree)
novagamer Avatar
novagamer
13 months ago
Surely this very website would never use third party telemetry or click tracker embeddings via referrals and advertisements which wind up as part of these data sets…once sold and resold (and resold…)

Pushback starts with people choosing not to use these invasive technologies which are almost never necessary, not the users.
Score: 13 Votes (Like | Disagree)
Read All Comments