Hackers Claim Breach of Location Data Giant, Threaten to Leak Data
42 points by anarbadalov 4 days ago | 21 comments
  • imoverclocked 4 days ago |
    Searching Google for “Gravy Analytics breach” results in FTC action against said company for illegally tracking consumers. Among the results are mentions of HIPAA violations… which in 2025 USA is actually a really big deal.

    For all of the “but I have nothing to hide” crowd, you need to modify your slogan to, “but I have nothing to hide, right now.”

    • jimt1234 4 days ago |
      If you don't have something to hide, your life is lame. LOL

      Seriously, though, what would the HIPAA violation be for location data? Knowledge of someone going to a doctor's office doesn't sound like a HIPAA violation. AFAIK, violations only relate to what is communicated between doctors (and other healthcare professionals) and patients.

      • kjellsbells 4 days ago |
        Location data generated by your phone is not covered by HIPAA (source: [1]) whereas the location of a patient undergoing treatment is. Thus, there's nothing that stops a data broker inferring that you are visiting a psychiatrist or a reproductive health clinic and sharing that insight with buyers, but the clinic/doctor cant share that you were treated at such and such location since that is personal health information (PHI).

        The web page below has quite some discussion on what this means for patient privacy and how to disable certain location services on your phone.

        [1] https://www.hhs.gov/hipaa/for-professionals/privacy/guidance...)

    • from-nibly 4 days ago |
      I would like to add the following conditions to further illustrate how fraught that sentiment is. - from the people currently in power - from the laws as they currently stand - given my understanding of all the laws that exist - from a wacko down the street with a short fuse and weaponry

      Any else that I've missed?

      • imoverclocked 4 days ago |
        Sure, lots. Another might be: a future crazy ex that wants to know where you have been.
  • xnx 4 days ago |
    Part of me is hoping this leaks. Might be the only way to get people to care.

    It would also be a fascinating dataset to explore.

    • thot_experiment 4 days ago |
      I could easily lose weeks of my life analyzing a trove of data like this. I had a great time with the Twitch data a few years back.
      • donclark 4 days ago |
        I would like to hear more details about your adventure. Do you have a blog post or similar that you can share?
        • thot_experiment 4 days ago |
          I wrote one but never published it. I'm working on resurrecting the blog (writing an article right now) I appreciate the interest and I'll dig up the draft and publish it later this week.
          • internet101010 4 days ago |
            Please do. I find Twitch to be a fascinating corner of the internet. From the shared lingo via third-party emotes to the depressing TTS messages of the chatters, it's all gold.
    • JumpCrisscross 4 days ago |
      > Part of me is hoping this leaks. Might be the only way to get people to care

      How's that worked out for us the last billion times?

      • Crosseye_Jack 3 days ago |
        Maybe we should do a South Park with their TrollTrace plotline and make the data publicly available (maybe purposefully exclude the last 6-12 months of data for a little bit of secrecy), and watch the public rage while they can look up the movements of everyone they know!

        Though I don’t think that would even work, as people’s anger would be directed at the public directory rather then the source of the data and how it was gathered…

        (Edit: Don’t actually do this, as it could / probably will, do more harm than good. But until the majority of people get angry at such data collection, it will just continue to happen)

  • _DeadFred_ 4 days ago |
    Things like this were previous a pain, but now with AI being able to easily shift through these things to identify high value targets (adversary's military personnel, politicians/executives for blackmailers) maybe something will finally be done. Heck I bet if someone provided a weaponized AI platform to digest this information and float everything of interest in it to the top that might finally get something done.

    I think at some point the system needs to switch to aggregating violence/damage inflicted when it's against thousands/millions of people. A business can't just ruin one persons life without consequence. Slightly damaging millions of lives should rise to a similar level at some point.

    • nullc 4 days ago |
      Someone going after "high value" targets can just buy the data commercially.
      • qwertox 4 days ago |
        There was a related talk at the 38c3:

        Databroker Files: How Apps and Data Brokers Enable Mass Surveillance

        https://youtube.com/watch?v=3GmYJo2LqtA

      • _DeadFred_ 4 days ago |
        Sure, but I can't. But I can weaponize leaked/hacked data sets to bring attention and get the government to care since they don't currently seem to care about the data being collected nor it being laxly protected.
        • 486sx33 2 days ago |
          But if you had money you could. Register a new business, pay the broker, good to go.
    • TheJoeMan 4 days ago |
      If I recall, a senator's salacious 1G text messages getting captured spurred quite a bit of security development.
  • nullc 4 days ago |
    The real 'data breach' was that they had the data in the first place. The hacker is likely less of a threat to me than many of the parties they sold the data to before.
    • more_corn 3 days ago |
      That’s exactly what I’m thinking. We really need a national privacy law making tracking location data illegal.
  • nsoolo 4 days ago |
    I'm not surprised, these companies are so focused on selling people's data that they don't care about their security at all.