Smartphones owe their intelligence to the vast ecosystem of apps and games they support. However, the very apps and games that millions rely on daily may not be as private or secure as we assume. According to a report by 404 Media published on January 9. The report highlights a recent data breach at Gravy Analytics, a location data broker, indicating that some of the most popular apps spy on their users by accessing their real-time locations. While the exact details of this data breach are yet to be known, the sample data published by the hacker includes popular titles like Candy Crush Saga and Tinder. According to the report, the hacker gained access to several terabytes of consumer data from Gravy Analytics, reportedly one of the largest collections of consumer data, accessed through the Amazon cloud environment. Hackers claim to have breached Gravy Analytics, a US location data broker selling to government agencies. They shared 3 samples on a Russian forum, exposing millions of location points across the US, Russia, and Europe. It's OSINT time! 👇 pic.twitter.com/sVlEEgEFcF — Baptiste Robert (@fs0c131y) January 8, 2025 This breach comes just weeks after the Federal Trade Commission (FTC) banned Gravy Analytics and its subsidiary Venntel for selling consumer location data without consent. The leaked database is said to contain over 30 million location data points, including devices located in the White House, Kremlin, Vatican City, and several military bases worldwide. Platforms like Gravy Analytics typically do not have direct deals with apps to collect user information. Instead, they often work with or act as, ad-serving agencies to gain access to user data on both Android and iOS devices. How to secure your personal data If your data has already been part of a breach, there isn't much you can do. However, to help prevent future breaches, you can disable all unnecessary permissions that an app or game requests during installation. If you are an iPhone user, always use the "Ask Apps Not to Track" feature.
