A significant data breach at location data broker Gravy Analytics has exposed precise location information for millions of smartphone users. The company, which tracks over a billion devices daily through real-time ad bidding processes, confirmed that an unauthorized party accessed their AWS cloud storage environment using a misappropriated access key. The incident highlights ongoing concerns about cloud storage security and the vulnerability of sensitive location data.
The breach has affected users of numerous popular mobile applications, including dating apps Tinder and Grindr, gaming titles such as Candy Crush and Temple Run, and productivity tools like Microsoft’s 365 office app. Other affected applications include the transit app Moovit, MyFitnessPal fitness tracker, Tumblr social network, Yahoo’s email client, and various health-related apps including period and pregnancy trackers.
Initially reported by 404Media, the breach resulted in the exposure of customer lists and location data showing individuals’ precise movements, with some of this information appearing on private forums. The exposed location data contains non-anonymized information about users’ recent locations, raising significant privacy concerns in an era of increasing digital privacy regulations.
The incident follows a previous Federal Trade Commission (FTC) order that prohibited Gravy Analytics and its subsidiary Venntel from selling, disclosing, or using sensitive location data, citing potential privacy implications related to health information, political activity, and religious practices. The breach represents a significant violation of user privacy protections that the FTC has been increasingly focused on enforcing across the mobile technology sector.
iPhone users can implement several protective measures, including disabling app tracking through their device’s Privacy & Security settings and reviewing app permissions regularly. “Users who previously rejected an app’s tracking request have not had their data shared by that application,” said Baptiste Robert, CEO of Predicta Lab. The protection is part of Apple’s App Tracking Transparency framework, introduced in iOS 14.5 to give users more control over their data.
Security experts recommend additional protective measures, including regular device updates, the use of strong passwords, and enabling two-factor authentication where available. These recommendations match industry standards for mobile security and data protection, particularly as location data becomes increasingly valuable to advertisers and potentially vulnerable to unauthorized access.
Follow Us