“Data Breach Exposes Location Information of Millions Using Popular Apps, Including Tinder and Grindr”

A recent data breach has exposed the precise location information of millions of users who use popular smartphone apps, including dating apps, games, email clients, and even period tracking apps. A hacker took responsibility for breaching Gravy Analytics, a data broker that collects and monetizes location data from iOS and Android applications. The breach allowed the hacker to access sensitive data, revealing users’ precise movements, including their home and workplace locations. The affected data came from both iOS and Android devices, although some iPhone users may have been protected due to a feature introduced with iOS 14.5.

The breach occurred on January 4, when the hacker accessed Gravy Analytics’ cloud storage using a “misappropriated key,” according to the company’s parent, Unacast, which reported the incident to Norwegian authorities. Although the scale of the breach remains unclear, a sample of the leaked data has shown tens of millions of location points, including sensitive locations such as military bases, the Kremlin, the White House, and the Vatican.

Baptiste Robert, CEO of Predicta Lab, who accessed a 1.4GB sample of the leaked data, stated that the breach also exposed information from 3,455 Android apps that leaked user data. These apps included well-known names like Tinder, Grindr, Candy Crush, MyFitnessPal, Subway Surfers, Tumblr, and even Microsoft 365.

The breach also raises concerns for Android and iOS users, as location data was linked to each device’s unique advertising ID. For Android, this is the Android Advertising ID (AAID), a 32-digit identifier that users can reset. iPhone users’ data is tied to the Identifier for Advertisers (IDFA), an alphanumeric string assigned to their devices. However, iPhone users might have been somewhat protected by Apple’s App Tracking Transparency feature, introduced in iOS 14.5, which limits how third-party apps can track users across different platforms.