In January, Motherboard reported that three of the four major carriers, T-Mobile, Sprint and AT&T, are selling access to their customers’ location data to companies known as location aggregators. This data is ending up in the hands of bounty hunters and other unauthorized sources, according to the account, allowing them to track most phones in the country.
To test the process, a Motherboard reporter paid a bounty hunter a few hundred dollars, provided a phone number and was quickly able to obtain the location of the phone, down to a specific neighborhood.
The bounty hunter provided a screenshot for the location of the T-Mobile phone that was being tracked.
The bounty hunter did this all without deploying a hacking tool or having any previous knowledge of the phone’s whereabouts. Instead, the tracking tool relied on real-time location data sold to bounty hunters that ultimately originated from the telcos themselves, according to Motherboard.
Wireless carriers, in response, said that these situations are uncommon and represent a fringe issue. However, according to a follow-up story from Motherboard, the problem is bigger than originally thought…with hundreds of people buying user data by the tens-of-thousands for relatively low prices from various companies.
Android Authority reported one such company, CerCareOne — which shut down in 2017 — obtained information from Locaid/LocationSmart, which gathers user location data from wireless carriers legally, reselling it to other companies. CerCareOne then resold directly to bounty hunters and bail bonds firms.
Bounty hunters would pay prices as high as $1,100 for user location data and in some cases, bounty hunters had access to GPS data, enabling them to pinpoint the nearly-exact location a person was at any given time.
Motherboard reported it exposed another company, Microbilt, which also sells phone geolocation services with little oversight to a spread of different private industries. Additionally, LocationSmart faced harsh criticism in 2018, for selling data that ultimately ended up in the hands of Securus, a company which provided phone tracking to low-level enforcement without requiring a warrant. LocationSmart also exposed the very data it was selling through a buggy website panel, meaning anyone could geolocate nearly any phone in the United States at a click of a mouse, reported Android Authority.
Motherboard says its investigation shows how exposed mobile networks and the data they generate are, leaving them open to surveillance by citizens, stalkers, and criminals, and comes as media and policymakers are paying more attention to how location and other sensitive data is collected and sold. Comments? Email Us.
February 11, 2019