Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

Netflix invented binge watching. Now he may be over it.

The ‘first’ ransomware attack run by AI still needed a human

You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    The ‘first’ ransomware attack run by AI still needed a human

    7 July 2026

    If you use Google, you train its AI. See how you can opt out.

    6 July 2026

    Amazon will stop accepting new customers for Mechanical Turk

    6 July 2026

    Yes, we use OpenClaw to this day

    5 July 2026

    Midjourney wants Hollywood studios to reveal the details of their use of artificial intelligence

    5 July 2026
  • Apps

    You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

    7 July 2026

    Apple is bringing back card payments for Apple Account purchases in India after a four-year hiatus

    6 July 2026

    WhatsApp now allows you to reserve usernames

    5 July 2026

    Podcasting platform Riverside is getting into the newsletter game

    4 July 2026

    Threads adds new features to Live Chats as it expands access

    4 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

    7 July 2026

    Smart glasses maker Even Realities hits $1 billion valuation with $150 million in funding led by Meituan, Tencent

    6 July 2026

    5 office gadgets that can make your work day better

    6 July 2026

    IQM, Europe’s first public quantum company, admits that the future of the technology is uncertain

    3 July 2026

    Thiel Capital’s Jack Selby commits stakes in hot startups like Etched through Arizona connections

    3 July 2026
  • Media & Entertainment

    Netflix invented binge watching. Now he may be over it.

    7 July 2026

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026
  • Security

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026
  • Startups

    Station F emerges as a launch pad for Europe’s hottest AI startups

    6 July 2026

    Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

    4 July 2026

    The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

    3 July 2026

    Last chance to apply — Startup Battlefield Australia applications close on 6 July

    3 July 2026

    Arcturus could halve grid electrical losses using nano-infused metals

    2 July 2026
  • Transportation

    Chevy built an all-American EV truck — why isn’t anyone buying it?

    3 July 2026

    Rivian raises EV sales forecast as second-quarter production ramps up

    3 July 2026

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026

    Lime is starting life as a public company after years of uncertainty

    1 July 2026
  • Venture

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»A breach of Gravy Analytics’ vast trove of location data threatens the privacy of millions
Security

A breach of Gravy Analytics’ vast trove of location data threatens the privacy of millions

techtost.comBy techtost.com13 January 202507 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
A Breach Of Gravy Analytics' Vast Trove Of Location Data
Share
Facebook Twitter LinkedIn Pinterest Email

An intrusion and data breach at location data broker Gravy Analytics threatens the privacy of millions of people around the world whose smartphone apps inadvertently exposed location data collected by the data giant.

The full scale of the data breach is not yet known, but the alleged hacker has already released a large sample of location data from top consumer phone apps — including fitness and health, dating and transit apps, as well as popular games. The data represents tens of millions of location data points where people have been, live, work and travel to each other.

News of the breach broke last weekend when a hacker posted snapshots of location data on a closed Russian cybercrime forum, claiming to have stolen several terabytes of consumer data from Gravy Analytics. Independent news outlet 404 Media first reported the forum post alleging the apparent breach, which it claimed involved the historical location data of millions of smartphones.

Norwegian broadcaster NRK reported on January 11 that Unacast, the parent company of Gravy Analytics, disclosed the breach with the data protection authorities of the country as required by its law.

Unacast, founded in Norway in 2004, merged with Gravy Analytics in 2023 to create what was touted at the time as “one of the largest” collections of consumer location data. Gravy Analytics claims to monitor more than a billion devices worldwide every day.

In data breach notification filed in Norway, Unacast said it detected on Jan. 4 that a hacker obtained files from Amazon’s cloud environment through an “abused key.” Unacast said it was made aware of the breach by contacting the hacker, but the company did not elaborate. The company said its operations were briefly taken offline after the breach.

Unacast said in the release that it has also informed UK data protection authorities about the breach. Lucy Milburn, a spokeswoman for the UK’s Information Commissioner’s Office, confirmed to TechCrunch that the ICO “received a report from Gravy Analytics and is investigating.”

Unacast executives Jeff White and Thomas Walle did not return multiple emails from TechCrunch this week seeking comment. In a statement that is not attributed from a generic Gravy Analytics email account sent to TechCrunch On Sunday, Unacast acknowledged the breach, saying “its investigation remains ongoing.”

The Gravy Analytics website was still down at the time of writing. Several other domains related to Gravy Analytics also appeared to be down, according to checks by TechCrunch last week.

So far 30 million location data points have been leaked

Data privacy advocates have long warned about the risks that data brokers pose to individuals’ privacy and national security. Researchers with access to the sample Gravy Analytics location data released by the hacker say the information can be used to extensively track people’s recent locations.

Baptiste Robert, CEO of digital security firm Predicta Lab, which obtained a copy of the leaked data, said in a thread in X that the dataset contained more than 30 million location data points. These included devices located in the White House in Washington, DC. the Kremlin in Moscow; Vatican City? and military bases around the world. One of the maps that Robert shared showed the location data of Tinder users across the UK. In another postRobert demonstrated that it was possible to identify individuals who likely served as military personnel by overlaying the stolen location data with the locations of known Russian military installations.

A map showing Tinder users located across the UK.Image Credits:Baptiste Robert / X

Robert cautioned that the data also allows for easy de-anonymization of individuals. In one example, the data tracked a person as he traveled from New York to his home in Tennessee. Forbes reported on the risks which has the data set for LGBTQ+ users, whose location data from certain apps could identify them in countries that criminalize homosexuality.

News of the breach comes weeks after the Federal Trade Commission banned Gravy Analytics and its subsidiary Venntel, which provides location data to government agencies and law enforcement, from collecting and selling Americans’ location data without consumer consent. The FTC accused the company of illegally tracking millions of people in sensitive locations such as health care clinics and military bases.

Location data used by ad networks

Gravy Analytics sources much of its location data a process called real-time biddinga key part of the online advertising industry that determines during a short millisecond auction which advertiser can deliver their ad to your device.

During this near-instant auction, all bidding advertisers can see certain information about your device, such as the manufacturer and model type, its IP addresses (which can be used to infer the proximity to a person’s location) and, in some cases, more precise location data if provided by the application user, along with other technical factors that help determine which ad a user will be shown.

However, as a byproduct of this process, any advertiser who bids—or anyone closely monitoring those auctions—can also access this trove of so-called “bid stream” data that contains device information. Data brokers, including those who sell to governments, can combine this collected information with other data about those individuals from other sources to paint a detailed picture of someone’s life and where they live.

Analyzes of location data by security researchers, including Robert of Predicta Labreveal thousands of ad serving apps have shared, often unknowingly, bid flow data with data brokers.

The dataset contains data sourced from popular Android and iPhone apps, including FlightRadar, Grindr and Tinder — all of which have disclaimed any direct business links to Gravy Analytics, but have acknowledged ad serving. However, due to the nature of how the advertising industry operates, it is also possible for ad-serving apps to collect their users’ data without their explicit knowledge or consent.

As noted by 404 Mediait’s unclear how Gravy Analytics sourced its massive amounts of location data, such as whether the company collected the data itself or from other data brokers. 404 Media found that large amounts of location data were inferred from the device owner’s IP address, which is geo-located to approximate their actual location, rather than relying on the device owner allowing the app to access their exact GPS coordinates device.

What you can do to prevent ad tracking

Per digital rights group Electronic Frontier FoundationAd auctions happen on almost every website, but there are steps you can take to protect yourself from ad tracking.

Using an ad blocker — or content blocker at the mobile level — can be an effective defense against ad tracking by blocking ad code on websites from loading in the user’s browser in the first place.

Android devices and iPhones also have device-level features that make it harder for advertisers to track you across apps or on the web, and link your device’s pseudonymous data to your real-world identity. The EFF also has one good guide how to check these device settings.

If you have an Apple device, you can go to the Tracking options in your Settings and turn off the setting to track application requests. This resets your device’s unique identifier, making it indistinguishable from anyone else’s.

“If you turn off app tracking, your data isn’t shared,” Robert told TechCrunch.

Android users should go to the “Privacy” and then “Ads” section of their phone’s settings. If the option is available, you can delete the advertising ID to prevent any app on your phone from accessing your unique device ID in the future. Those without this setting should reset their advertising IDs regularly.

Preventing apps from accessing your exact location when not required will also help reduce your data footprint.

Updated with comment from the ICO.

Contact Zack Whittaker securely on Signal and WhatsApp at +1 646-755-8849. You can also share documents securely with TechCrunch through SecureDrop.

Analytics breach cyber attack cyber security data data broker data privacy Gravy Location millions mobile location data our government privacy threatens trove Vast
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleFloat Financial, which aims to be Canada’s Brex, raises $48.5M Series B
Next Article Xiaohongshu, China’s answer to Instagram, hits no. 1 on the App Store as TikTok faces shutdown in the US
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

6 July 2026

Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

3 July 2026

The US government says it’s been hacked — again

2 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

Netflix invented binge watching. Now he may be over it.

7 July 2026

The ‘first’ ransomware attack run by AI still needed a human

7 July 2026

You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

7 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Station F emerges as a launch pad for Europe’s hottest AI startups

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.