Data Broker Hack Exposes Location Info From Millions of iPhone Users

by

Data broker Gravy Analytics has been hacked, and location information from millions of iPhone and Android users is at risk, reports TechCrunch. Gravy Analytics' parent company Unacast disclosed the data breach earlier this month [PDF], and said that its AWS cloud storage environment had been accessed by an unauthorized person using a "misappropriated access key."

apple security banner
"Some files" were obtained, and preliminary findings suggest those files "could contain personal data" collected from users of third-party services that use Gravy Analytics. According to 404Media, hackers are claiming to have customer lists and location data from smartphones that shows peoples' precise movements, with millions of users affected. Some of that data, which does indeed include the historical location of smartphones, has been published on private forums.

Gravy Analytics says that it tracks more than a billion devices around the world daily, and security researchers that saw a sample of the data collected by Gravy Analytics confirmed that the information can be used to track a person's recent locations, with no anonymization.

In December, the United States Federal Trade Commission (FTC) prohibited Gravy Analytics and its subsidiary Venntel from selling, disclosing, or using sensitive location data in any product or service. The FTC warned that the two companies exposed consumers to privacy harms that could include disclosure of health information, political activity, and religious practices, and put people at risk of stigma, discrimination, violence and other harms.

The order required Gravy Analytics to delete all historic location data and any data products developed using data collected from consumers, but it was apparently too late because the company's systems had likely already been breached at the time.

Gravy Analytics collects location data through a real-time ad bidding process that allows companies competing to buy an ad to see customer IP address and more precise location data if enabled. Gravy Analytics' database had location data from ‌iPhone‌ apps that include FlightRadar, Grindr, and Tinder, and while the apps did not have a direct relationship with the data broker, user location information was collected through their ads.

Turning off app tracking in the Privacy and Security section of the ‌iPhone‌'s Settings app keeps ads from being able to obtain a unique device identifier to link location data to a specific device, and preventing apps from using precise location data is also a way to preserve more privacy.

Baptiste Robert, CEO of security firm Predicta Lab, told TechCrunch that ‌iPhone‌ users that had app tracking disabled did not have their data shared.

Popular Stories

Apple Wallet ID Illinois

Apple Plans to Expand iPhone Driver's Licenses to These 7 U.S. States

Wednesday December 24, 2025 8:40 am PST by
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps. The feature is currently available in 13 U.S. states and Puerto Rico, and it is expected to launch in at least seven more in the future. To set up the...
Read Full Article66 comments
iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Launching Next Year With These 12 New Features

Tuesday December 23, 2025 8:36 am PST by
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another nine months, there are already plenty of rumors about the devices. Below, we have recapped 12 features rumored for the iPhone 18 Pro models. The same overall design is expected, with 6.3-inch and 6.9-inch display sizes, and a "plateau" housing three rear cameras Under-screen Face ID Front camera in...
Read Full Article98 comments
maxresdefault

Where's the New Apple TV?

Monday December 22, 2025 11:30 am PST by
Apple hasn't updated the Apple TV 4K since 2022, and 2025 was supposed to be the year that we got a refresh. There were rumors suggesting Apple would release the new Apple TV before the end of 2025, but it looks like that's not going to happen now. Subscribe to the MacRumors YouTube channel for more videos. Bloomberg's Mark Gurman said several times across 2024 and 2025 that Apple would...
Read Full Article180 comments
airpods color prototypes

Apple Tested AirPods in Bright Colors

Saturday December 27, 2025 6:06 am PST by
Apple reportedly tested a version of the first-generation AirPods with bright, iPhone 5c-like colored charging cases. The images, shared by the Apple leaker and prototype collector known as "Kosutami," claim to show first-generation AirPods prototypes with pink and yellow exterior casings. The interior of the charging case and the earbuds themselves remain white. They seem close to some...
Read Full Article74 comments
iOS 26

iOS 26.2 Adds These 8 New Features to Your iPhone

Monday December 22, 2025 8:47 am PST by
Earlier this month, Apple released iOS 26.2, following more than a month of beta testing. It is a big update, with many new features and changes for iPhones. iOS 26.2 adds a Liquid Glass slider for the Lock Screen's clock, offline lyrics in Apple Music, and more. Below, we have highlighted a total of eight new features. Liquid Glass Slider on Lock Screen A new slider in the Lock...
Read Full Article
maxresdefault

10 Mac Apps Worth Trying in 2026

Wednesday December 24, 2025 9:27 am PST by
2026 is almost upon us, and a new year is a good time to try out some new apps. We've rounded up 10 excellent Mac apps that are worth checking out. Subscribe to the MacRumors YouTube channel for more videos. Alt-Tab (Free) - Alt-Tab brings a Windows-style alt + tab thumbnail preview option to the Mac. You can see a full window preview of open apps and app windows. One Thing (Free) -...
Read Full Article101 comments
top stories 2025 12 27

Top Stories: iPhone Fold Mockup, Where's the New Apple TV?, and More

Saturday December 27, 2025 6:00 am PST by
Merry Christmas and Happy Holidays from MacRumors! News in the Apple world has unsurprisingly been relatively slow over the past week, but Apple's upcoming foldable iPhone managed to make its way back into the news, while we also shared updates on current and future Apple TV news. iOS 26.3 will be bringing some new features, particularly for users in the EU, so we'll look for additional...
Read Full Article16 comments

Top Rated Comments

john123 Avatar
john123
13 months ago
I feel like this story ignores the larger point.

Gravy is far from the only player in this market. Who you are and where you’ve been is data that’s collected, harvested, and used all the time.

A hack means that more people have access to that data who shouldn’t. Yeah, that’s not good. But there are thousands of companies that have some of this data on you because they collected it — or paid for it — “legally.” That should be disconcerting for many people.
Score: 50 Votes (Like | Disagree)
Razorpit Avatar
Razorpit
13 months ago
In other words, ads are far more of a nuisance than we ever imagined possible.
Score: 45 Votes (Like | Disagree)
rp2011 Avatar
rp2011
13 months ago
It's only a matter of time until personal data collection becomes illegal to collect. It has been shown time and again that none of them can protect the user and, on the contrary, do a lot of harm.
Score: 18 Votes (Like | Disagree)
DrPeril Avatar
DrPeril
13 months ago
> apps that include FlightRadar, Grindr, and Tinder

Ok... what about a complete list of Apps so people can at least gain some idea of their level of exposure...
Score: 16 Votes (Like | Disagree)
oneMadRssn Avatar
oneMadRssn
13 months ago

Turning off app tracking in the Privacy and Security section of the iPhone's Settings app keeps ads from being able to obtain a unique device identifier to link location data to a specific device, and preventing apps from using precise location data is also a way to preserve more privacy.
I also highly recommend people get an ad and tracker blocking DNS set up to further block such things on all devices and websites. The easiest is NextDNS ('https://nextdns.io/?from=3s7h3d98'), which is the best $20/year I spend probably. Other more complex solutions are PiHole or AdGuard Home.
Score: 14 Votes (Like | Disagree)
novagamer Avatar
novagamer
13 months ago
Surely this very website would never use third party telemetry or click tracker embeddings via referrals and advertisements which wind up as part of these data sets…once sold and resold (and resold…)

Pushback starts with people choosing not to use these invasive technologies which are almost never necessary, not the users.
Score: 13 Votes (Like | Disagree)
Read All Comments