A US-based location data broker, Gravy Analytics, suffered a major data breach in early January 2025, exposing millions of users' location data. The hacker, believed to be a Russian cybercriminal, demanded a ransom and posted a sample of the stolen data on a cybercrime forum, raising serious security and privacy concerns.

Location data is highly valuable and potentially intrusive as it provides detailed insights into individuals' movements and behaviours which, when combined with other information, can give rise to serious risk to individuals. Gravy Analytics is understood to track more than a billion devices globally, collecting over 17 billion signals from smartphones daily. This data is used to create detailed profiles of individuals, including their home, work, and other frequently visited locations. Such granular data is a goldmine for advertisers (and governments), enabling them to target them with precision. 

However, the data is also a treasure trove for malicious actors, and this breach is alarming because the location data allegedly reveals intimate details like visits to health clinics or places of worship. Precise coordinates can identify individuals, posing significant privacy risks and potential misuse. The Federal Trade Commission's (FTC) complaint in December 2024 noted that "location data can expose sensitive information such as medical conditions, sexual orientation, political activities, and religious beliefs." 

Whilst details are unclear, it is understood that the breach has affected thousands of apps, including well known dating, fitness and news apps, highlighting the potential for widespread exposure when a single data broker is compromised. 

This incident serves as a stark reminder for companies and developers to ensure that they have a strong grasp on what data is collected via their apps and why. It is imperative to fully audit third-party integrations and technologies to ensure that robust security measures are in place – and to remove any technologies unless there is a clear use case for their use and any risks are addressed. 

Now may be a good time to conduct an audit of your app, and if you need any help examining the technologies that are used in your apps please don't hesitate to get in touch.