{"id":87932,"date":"2025-01-08T14:47:06","date_gmt":"2025-01-08T14:47:06","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=87932"},"modified":"2025-01-08T14:47:07","modified_gmt":"2025-01-08T14:47:07","slug":"hackers-allegedly-stolen-17tb-of-data","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/hackers-allegedly-stolen-17tb-of-data\/","title":{"rendered":"Gravy Analytics Hacked – Attackers Allegedly Claiming 17TB Data Stolen"},"content":{"rendered":"\n

Hackers have claimed to have breached Gravy Analytics, a prominent location intelligence company, and its subsidiary Venntel.<\/p>\n\n\n\n

The attackers allege they have exfiltrated 17 terabytes of data, including sensitive customer information, industry insights, and smartphone location data that could reveal individuals’ precise movements.<\/p>\n\n\n\n

This breach has sparked alarm over the potential misuse of such data and its implications for privacy. The hackers announced their claim on the XSS cybercrime forum, sharing samples of the stolen data totaling 1.4GB.<\/p>\n\n\n\n

The leaked samples reportedly include historical smartphone location data with precise latitude and longitude coordinates, timestamps, and other sensitive details. <\/p>\n\n\n

\n
\"data
data leaked on hacker forum<\/figcaption><\/figure><\/div>\n\n\n

Screenshots posted by the attackers also suggest they gained root access to Gravy Analytics’ servers and control over its domains and Amazon S3 buckets, which are often used for large-scale data storage.<\/p>\n\n\n\n

The hackers warned Gravy Analytics that they would begin publishing the stolen data if the company did not respond within 24 hours. <\/p>\n\n\n\n

As of January 8, 2025, Gravy Analytics’ website remains offline, adding to speculation about the company’s response to the breach.<\/p>\n\n\n

\n
\"Website
Website Down<\/figcaption><\/figure><\/div>\n\n\n

Gravy Analytics specializes in collecting and analyzing anonymized location signals from mobile devices to provide insights for businesses. <\/p>\n\n\n\n

Its subsidiary Venntel has been known to sell location data to U.S. government agencies, including the Department of Homeland Security (DHS), Internal Revenue Service (IRS), and Federal Bureau of Investigation (FBI). <\/p>\n\n\n\n

These agencies have used such data for various purposes, including immigration enforcement. However, Gravy Analytics has faced criticism for its data practices. <\/p>\n\n\n\n

In December 2024, the Federal Trade Commission (FTC) accused Gravy Analytics and Venntel of violating consumer privacy laws by collecting and selling sensitive location data without obtaining proper user consent. <\/p>\n\n\n\n

The FTC alleged that the companies continued using consumer data even after discovering that consent had not been granted. <\/p>\n\n\n\n

They were also accused of selling information related to visits to sensitive locations such as healthcare facilities, religious sites, and political gatherings.<\/p>\n\n\n

\n
\"Data<\/figure><\/div>\n\n\n

The potential fallout from this breach is immense. Experts warn that if the stolen bulk location data is sold on underground markets or made public, it could lead to severe privacy violations. <\/p>\n\n\n\n

Researcher Baptiste Robert shared \u201chared 3 samples on a Russian forum, exposing millions of location points across the US, Russia, and Europe.\u201d<\/p>\n\n\n\n

\n

Hackers claim to have breached Gravy Analytics, a US location data broker selling to government agencies.

They shared 3 samples on a Russian forum, exposing millions of location points across the US, Russia, and Europe.

It's OSINT time! \ud83d\udc47 pic.twitter.com\/sVlEEgEFcF<\/a><\/p>— Baptiste Robert (@fs0c131y) January 8, 2025<\/a><\/blockquote>