U.S. location tracking company Gravy Analytics breached, claims hacker

An unknown hacker is claiming to have pulled off a heist at U.S. location tracking firm Gravy Analytics.

An unknown hacker is claiming to have pulled off a heist at U.S. location tracking firm Gravy Analytics, according to screenshots of the boast circulating online.

It is not clear exactly how and under what circumstances the breach occurred. A Russian-language post and screenshots uploaded early Sunday to XSS, a site popular with attention-seeking cybercriminals, carried a claim that the company had been hacked and that large amounts of data were stolen.

Reuters could not immediately locate contact details for the party responsible for the posts, whose publication had been reported by tech outlet 404media.

Attempts to contact location intelligence company Unacast, which announced its merger with Gravy in 2023, were unsuccessful. Gravy's website was down Wednesday and repeated messages were not returned. A man who answered the door at Unacast’s small office in an Ashburn, Virginia, coworking space said he was not authorised to speak to the media.

Experts who reviewed about 1.4 gigabytes of leaked data that was posted to the web around the same time as the hacking claim said the information did appear to have been taken from Gravy.

"It passes the smell test 100 percent," said Marley Smith, the principal threat researcher at cyber intelligence company RedSense.

John Hammond of cybersecurity firm Huntress came to a similar conclusion.