Data Broker Hack Exposes Location Info From Millions of iPhone Users

by

Data broker Gravy Analytics has been hacked, and location information from millions of iPhone and Android users is at risk, reports TechCrunch. Gravy Analytics' parent company Unacast disclosed the data breach earlier this month [PDF], and said that its AWS cloud storage environment had been accessed by an unauthorized person using a "misappropriated access key."

apple security banner
"Some files" were obtained, and preliminary findings suggest those files "could contain personal data" collected from users of third-party services that use Gravy Analytics. According to 404Media, hackers are claiming to have customer lists and location data from smartphones that shows peoples' precise movements, with millions of users affected. Some of that data, which does indeed include the historical location of smartphones, has been published on private forums.

Gravy Analytics says that it tracks more than a billion devices around the world daily, and security researchers that saw a sample of the data collected by Gravy Analytics confirmed that the information can be used to track a person's recent locations, with no anonymization.

In December, the United States Federal Trade Commission (FTC) prohibited Gravy Analytics and its subsidiary Venntel from selling, disclosing, or using sensitive location data in any product or service. The FTC warned that the two companies exposed consumers to privacy harms that could include disclosure of health information, political activity, and religious practices, and put people at risk of stigma, discrimination, violence and other harms.

The order required Gravy Analytics to delete all historic location data and any data products developed using data collected from consumers, but it was apparently too late because the company's systems had likely already been breached at the time.

Gravy Analytics collects location data through a real-time ad bidding process that allows companies competing to buy an ad to see customer IP address and more precise location data if enabled. Gravy Analytics' database had location data from ‌iPhone‌ apps that include FlightRadar, Grindr, and Tinder, and while the apps did not have a direct relationship with the data broker, user location information was collected through their ads.

Turning off app tracking in the Privacy and Security section of the ‌iPhone‌'s Settings app keeps ads from being able to obtain a unique device identifier to link location data to a specific device, and preventing apps from using precise location data is also a way to preserve more privacy.

Baptiste Robert, CEO of security firm Predicta Lab, told TechCrunch that ‌iPhone‌ users that had app tracking disabled did not have their data shared.

Popular Stories

M5 MacBook Pro

Apple Announces New 14-Inch MacBook Pro With M5 Chip

Wednesday October 15, 2025 6:07 am PDT by
Apple today updated the 14-inch MacBook Pro base model with its new M5 chip, which is also available in updated iPad Pro and Vision Pro models. In addition, the base 14-inch MacBook Pro can now be configured with up to 4TB of storage on Apple's online store, whereas the previous model maxed out at 2TB. However, the maximum amount of unified RAM available for this model remains 32GB. Like...
Read Full Article275 comments
Apple iPad Pro hero M5

Apple Debuts New iPad Pro With M5 Chip, Faster Charging, and More

Wednesday October 15, 2025 6:16 am PDT by
Apple today announced the next-generation iPad Pro, featuring the custom-designed M5, C1X, and N1 chips. The M5 chip has up to a 10-core CPU, with four performance cores and six efficiency cores. It features a next-generation GPU with Neural Accelerator in each core, allowing the new iPad Pro to deliver up to 3.5x the AI performance than the previous model, and a third-generation ray-tracing ...
Read Full Article281 comments
maxresdefault

Here's Everything Apple Announced Today

Wednesday October 15, 2025 3:54 pm PDT by
We didn't get a second fall event this year, but Apple did unveil updated products with a series of press releases that went out today. The M5 chip made an appearance in new MacBook Pro, Vision Pro, and iPad Pro models. Subscribe to the MacRumors YouTube channel for more videos. We've rounded up our coverage and highlighted the main feature changes for each device below. MacBook Pro M5...
Read Full Article85 comments
iphone air thickness

Apple Said to Cut iPhone Air Production Amid Underwhelming Sales

Friday October 17, 2025 8:29 am PDT by
Apple plans to cut production of the iPhone Air amid underwhelming sales performance, Japan's Mizuho Securities believes (via The Elec). The Japanese investment banking and securities firm claims that the iPhone 17 Pro and iPhone 17 Pro Max are seeing higher sales than their predecessors during the same period last year, while the standard iPhone 17 is a major success, performing...
Read Full Article418 comments
HomePod mini and Apple TV

Apple's Next Rumored Products: New HomePod Mini, Apple TV, and More

Thursday October 16, 2025 9:13 am PDT by
Apple on Wednesday updated the 14-inch MacBook Pro, iPad Pro, and Vision Pro with its next-generation M5 chip, but previous rumors have indicated that the company still plans to announce at least a few additional products before the end of the year. The following Apple products have at one point been rumored to be updated in 2025, although it is unclear if the timeframe for any of them has...
Read Full Article86 comments
Vision Pro M5 Announcement

Apple Updates Vision Pro With M5 Chip, Dual Knit Band, and 120Hz Support

Wednesday October 15, 2025 6:14 am PDT by
Apple today updated the Vision Pro headset with its next-generation M5 chip for faster performance, and a more comfortable Dual Knit Band. The M5 chip has a 10-core CPU, a 10-core GPU with Neural Accelerators, and a 16-core Neural Engine, and we have confirmed the Vision Pro still has 16GB of RAM. With the M5 chip, the Vision Pro offers faster performance and longer battery life compared...
Read Full Article253 comments
14 inch MacBook Pro Keyboard

New 14-Inch MacBook Pro Has Two Key Upgrades Beyond the M5 Chip

Thursday October 16, 2025 8:31 am PDT by
Apple on Wednesday updated the 14-inch MacBook Pro base model with an M5 chip, and there are two key storage-related upgrades beyond that chip bump. First, Apple says the new 14-inch MacBook Pro offers up to 2× faster SSD performance than the equivalent previous-generation model, so read and write speeds should get a significant boost. Apple says it is using "the latest storage technology," ...
Read Full Article64 comments
MacBook Pro M5 Screen

New MacBook Pro Does Not Include a Charger in the Box in Europe

Wednesday October 15, 2025 6:59 am PDT by
The new 14-inch MacBook Pro with an M5 chip does not include a charger in the box in European countries, including the U.K., Ireland, Germany, Italy, France, Spain, the Netherlands, Norway, and others, according to Apple's online store. In the U.S. and all other countries outside of Europe, the new MacBook Pro comes with Apple's 70W USB-C Power Adapter, but European customers miss out....
Read Full Article505 comments
airpods max 2024 colors

AirPods Max 2: Everything We Know So Far

Tuesday October 14, 2025 8:43 am PDT by
Apple's AirPods Max have now been available for almost five years, so what do we know about the second-generation version? According to Apple supply chain analyst Ming-Chi Kuo, the new AirPods Max will be lighter than the current ones, but exactly how much is as yet known. The current AirPods Max weigh 0.85 pounds (386.2 grams), excluding the charging case, making it one of the heavier...
Read Full Article90 comments
macbook pro blue

Apple's M5 MacBook Pro Imminent: What to Expect

Tuesday October 14, 2025 4:35 pm PDT by
Apple is going to launch a new version of the MacBook Pro as soon as tomorrow, so we thought we'd go over what to expect from Apple's upcoming Mac. M5 Chip The MacBook Pro will be one of the first new devices to use the next-generation M5 chip, which will replace the M4 chip. The M5 is built on TSMC's more advanced 3-nanometer process, and it will bring speed and efficiency improvements. ...
Read Full Article56 comments

Top Rated Comments

john123 Avatar
john123
10 months ago
I feel like this story ignores the larger point.

Gravy is far from the only player in this market. Who you are and where you’ve been is data that’s collected, harvested, and used all the time.

A hack means that more people have access to that data who shouldn’t. Yeah, that’s not good. But there are thousands of companies that have some of this data on you because they collected it — or paid for it — “legally.” That should be disconcerting for many people.
Score: 50 Votes (Like | Disagree)
Razorpit Avatar
Razorpit
10 months ago
In other words, ads are far more of a nuisance than we ever imagined possible.
Score: 45 Votes (Like | Disagree)
rp2011 Avatar
rp2011
10 months ago
It's only a matter of time until personal data collection becomes illegal to collect. It has been shown time and again that none of them can protect the user and, on the contrary, do a lot of harm.
Score: 18 Votes (Like | Disagree)
DrPeril Avatar
DrPeril
10 months ago
> apps that include FlightRadar, Grindr, and Tinder

Ok... what about a complete list of Apps so people can at least gain some idea of their level of exposure...
Score: 16 Votes (Like | Disagree)
oneMadRssn Avatar
oneMadRssn
10 months ago

Turning off app tracking in the Privacy and Security section of the iPhone's Settings app keeps ads from being able to obtain a unique device identifier to link location data to a specific device, and preventing apps from using precise location data is also a way to preserve more privacy.
I also highly recommend people get an ad and tracker blocking DNS set up to further block such things on all devices and websites. The easiest is NextDNS ('https://nextdns.io/?from=3s7h3d98'), which is the best $20/year I spend probably. Other more complex solutions are PiHole or AdGuard Home.
Score: 14 Votes (Like | Disagree)
novagamer Avatar
novagamer
10 months ago
Surely this very website would never use third party telemetry or click tracker embeddings via referrals and advertisements which wind up as part of these data sets…once sold and resold (and resold…)

Pushback starts with people choosing not to use these invasive technologies which are almost never necessary, not the users.
Score: 13 Votes (Like | Disagree)
Read All Comments