A massive data breach at location data broker Gravy Analytics has exposed sensitive information from millions of mobile devices, just weeks after the company faced regulatory action from the Federal Trade Commission (FTC).
The breach, discovered on January 4, 2025, resulted in unauthorized access to Gravy Analytics' AWS cloud storage, with hackers claiming to have stolen 17 terabytes of precise location data. The compromised information could potentially reveal individuals' movements and locations over time.
The incident comes on the heels of a December 2024 FTC enforcement action against Gravy Analytics and its subsidiary Venntel. The FTC had ordered the companies to stop collecting and selling sensitive location data without user consent, citing violations of the FTC Act.
The stolen data appears to have originated from popular mobile applications including Candy Crush, Tinder, MyFitnessPal, Grindr, Muslim Pro, and Flightradar24. Many users and even app developers were reportedly unaware that their location data was being collected and sold through real-time digital advertising processes.
"This breach exposes the hidden ecosystem of location data brokers operating behind everyday apps," said privacy expert Jane Smith. "Users had no idea their sensitive information was being harvested and stored at this scale."
The timing raises questions about whether stricter FTC oversight could have prevented the breach. Under the December 2024 order, Gravy Analytics was required to implement a comprehensive data protection program - measures that appear to have come too late to prevent this incident.
The breach has sparked renewed debate about location data privacy and security practices in the digital advertising industry. As investigations continue, millions of mobile users are left wondering about the exposure of their personal movements and activities.
For affected individuals, the breach creates risks of stalking, identity theft, and other privacy violations. The incident highlights the vast scale of location tracking in mobile apps and the security vulnerabilities in systems that store this sensitive data.