Click to Skip Ad
Closing in...

Bombshell report reveals how location data from carriers often ends up in the wrong hands

Published Jan 8th, 2019 11:05PM EST
Location Data
Image: AP/REX/Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

A new bombshell report from Joseph Cox over at Motherboard details how carriers like Sprint, AT&T, and T-Mobile are all in the business of selling real-time location data of subscribers. While this in and of itself isn’t a new development, Motherboard reveals that this location data far too often ends up in the hands of bounty hunters who are willing to give up an individual’s location for the right price.

Cox himself used himself as a guinea pig of sorts and paid a bounty hunter $300 to help him track down the location of a friend who agreed to be part of the experiment. The bounty hunter, armed with only the phone number of the target, was able to track down the target’s location to a hyper-specific area and sent a snapshot of the location via Google Maps.

“The bounty hunter did this all without deploying a hacking tool or having any previous knowledge of the phone’s whereabouts,” the report reads. “Instead, the tracking tool relies on real-time location data sold to bounty hunters that ultimately originated from the telcos themselves, including T-Mobile, AT&T, and Sprint, a Motherboard investigation has found.”

Again, it’s never been a secret that carriers provide location tracking to authorized third-parties in specific scenarios. For example, a carrier might allow a bank access to a user’s real-time location as a means to better detect fraud. The problem, naturally, is that this data inevitably ends up in the wrong hands. And speaking to the number of players with access to said data, Cox reveals that upwards of six third-parties had access to the target’s location.

In the case of the phone we tracked, six different entities had potential access to the phone’s data. T-Mobile shares location data with an aggregator called Zumigo, which shares information with Microbilt. Microbilt shared that data with a customer using its mobile phone tracking product. The bounty hunter then shared this information with a bail industry source, who shared it with Motherboard.

And though Cox paid $300 for his experiment, sometimes a phone can be tracked for as little as $5.

It’s also interesting that this experiment was done with a T-Mobile device given that John Legere this past June pledged that his company “will not sell customer location data to shady middlemen.”

The entire report is rather eye-opening and is well worth reading. It can be found over here.

Yoni Heisler Contributing Writer

Yoni Heisler has been writing about Apple and the tech industry at large with over 15 years of experience. A life long expert Mac user and Apple expert, his writing has appeared in Edible Apple, Network World, MacLife, Macworld UK, and TUAW.

When not analyzing the latest happenings with Apple, Yoni enjoys catching Improv shows in Chicago, playing soccer, and cultivating new TV show addictions.