WASHINGTON, Jan 8 (Reuters) - An unknown hacker is

claiming to have pulled off a heist at location tracking firm

Gravy Analytics, according to screenshots of the boast

circulating online.

It is not clear exactly how and under what circumstances the

breach occurred. A Russian-language post and screenshots

uploaded early Sunday to XSS, a site popular with

attention-seeking cybercriminals, carried a claim that the

company had been hacked and that large amounts of data were

stolen.

Reuters could not immediately locate contact details for the

party responsible for the posts, whose publication had been

reported by tech outlet 404media.

Attempts to contact Ashburn, Virginia-based Unacast, which

announced its merger with Gravy in 2023, were unsuccessful.

Gravy's website was down Wednesday, calls were not returned,

emails to Unacast's press account bounced back as undeliverable.

An expert who reviewed about 1.4 gigabyte of leaked data

that was posted to the web around the same time as the hacking

claim said the information did appear to have been taken from

Gravy.

"It seems very legitimate," said Marley Smith, the principal

threat researcher at cyber intelligence company RedSense. She

said she had seen passwords, GPS coordinates, and nonpublic

company domains and email addresses sprinkled across the data

and matched some details to information on social media.

"It passes the smell test 100 percent," she said.

Gravy was one of two companies swept up in a recent

crackdown by President Joe Biden's administration on brokers who

specialize in using cellular data to offer extraordinarily

granular information on where individuals are at any given

moment.

Such data can be used to tailor online advertising, or

deployed for government and corporate surveillance. The Federal

Trade Commission has expressed concern it could facilitate

stalking, blackmail, and espionage. In December the FTC

announced a settlement with Gravy and a second broker,

Mobilewalla, accusing them both of engaging in deceptive

practices by gathering location data without proper consent.

The FTC declined comment on the reported breach. In a

statement released last month, FTC Chair Lina Khan said "the

multi-billion-dollar industry built around targeted advertising

may presently leave Americans' sensitive data extraordinarily

exposed."