Nation and World News

Hacker claims breach of US location tracking company Gravy Analytics

By Raphael Satter and AJ Vicens Reuters | Thursday, January 9, 2025, 12:05 a.m.

An unknown hacker is claiming to have pulled off a heist at location tracking firm Gravy Analytics, according to screenshots of the boast circulating online.

It is not clear exactly how and under what circumstances the breach occurred. A Russian-language post and screenshots uploaded early Sunday to XSS, a site popular with attention-seeking cybercriminals, carried a claim that the company had been hacked and that large amounts of data were stolen.

ADVERTISING

Reuters could not immediately locate contact details for the party responsible for the posts, whose publication had been reported by tech outlet 404media.

Attempts to contact Ashburn, Virginia-based Unacast, which announced its merger with Gravy in 2023, were unsuccessful. Gravy’s website was down Wednesday, calls were not returned, emails to Unacast’s press account bounced back as undeliverable.

An expert who reviewed about 1.4 gigabyte of leaked data that was posted to the web around the same time as the hacking claim said the information did appear to have been taken from Gravy.

“It seems very legitimate,” said Marley Smith, the principal threat researcher at cyber intelligence company RedSense. She said she had seen passwords, GPS coordinates, and nonpublic company domains and email addresses sprinkled across the data and matched some details to information on social media.

“It passes the smell test 100 percent,” she said.

Gravy was one of two companies swept up in a recent crackdown by President Joe Biden’s administration on brokers who specialize in using cellular data to offer extraordinarily granular information on where individuals are at any given moment.

Such data can be used to tailor online advertising, or deployed for government and corporate surveillance. The Federal Trade Commission has expressed concern it could facilitate stalking, blackmail, and espionage. In December the FTC announced a settlement with Gravy and a second broker, Mobilewalla, accusing them both of engaging in deceptive practices by gathering location data without proper consent.

The FTC declined comment on the reported breach. In a statement released last month, FTC Chair Lina Khan said “the multi-billion-dollar industry built around targeted advertising may presently leave Americans’ sensitive data extraordinarily exposed.”

PREVIOUS STORY
Trump floats using force to take Greenland, Panama Canal

Leave a Reply

Your email address will not be published. Required fields are marked *

*

By participating in online discussions you acknowledge that you have agreed to the Star-Advertiser's TERMS OF SERVICE. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. If your comments are inappropriate, you may be banned from posting. To report comments that you believe do not follow our guidelines, email hawaiiwarriorworld@staradvertiser.com.

Most Popular

Kona Local Business Guide

Featured Jobs

Featured Jobs