An unknown hacker is claiming responsibility for a breach at U.S. location tracking company Gravy Analytics, with screenshots of the boast circulating online. The breach details remain unclear, but a Russian-language post and screenshots uploaded early Sunday to XSS, a site frequented by cybercriminals, allege that the company was hacked, and large volumes of data were stolen.
Gravy Analytics, which merged with Unacast in 2023, has not commented on the situation. Attempts to contact both Gravy and Unacast were unsuccessful, and Gravy’s website was down on Wednesday. The leaked data, around 1.4 gigabytes, has been reviewed by experts who have confirmed its authenticity, raising concerns that the breach is legitimate.
This hack follows recent scrutiny from the U.S. government over companies, including Gravy, that collect and sell highly detailed location data. The Federal Trade Commission (FTC) had previously settled with Gravy Analytics and another broker, Mobilewalla, over deceptive practices in gathering location data without proper consent. The FTC has raised alarms over the vulnerability of Americans’ sensitive data, especially in the context of targeted advertising and surveillance.
