Location data sold by major cell providers is ending up in the hands of unauthorized individuals

Polycount

Posts: 2,821   +574
Staff member

To be clear, we're not implying carriers are selling your data directly to said individuals. Quite the opposite - cell providers are likely completely oblivious to the information's final destination.

For example, Motherboard journalist Joseph Cox managed to obtain live cell phone location data that had been exposed to a whopping "six different entities." T-Mobile sold the initial data to a "location aggregator" called Zumigo, who then shared it with "credit data and risk management" company Microbilt, which shared it with a "customer" using its mobile phone tracking service (a bounty hunter).

The bounty hunter then reportedly handed the data off to a "bail industry source," and it was finally passed along to Motherboard.

Though it may seem at first like the simplest solution to this problem is a blanket ban on all location data sales from mobile carriers, there could be unintended consequences to doing so. Roadside assistance companies, and other perfectly legitimate enterprises rely on data provided by firms like Zumigo to function.

So, where along the line was the data "compromised" in this case? Microbilt seems to be the company who deserves most of the scrutiny, as it allegedly allowed its ongoing device location monitoring service to be abused by a "rogue individual" who claimed to represent a "licensed" bail bond company.

For now, Microbilt's access to Zumigo data has been cut off, and T-Mobile has taken the "additional precaution" of blocking any Zumigo requests for data that are placed on behalf of Microbilt. However, that doesn't address the ongoing problem. Just because Microbilt's access has been cut off doesn't mean other, similar companies aren't offering similar (if not identical) services.

Furthermore, AT&T and Sprint have similar arrangements with companies like Zumigo, and location data is reportedly ending up in similar places.

For now, it's not clear how to solve this problem without causing quite a bit of collateral damage. However, merely being aware that these breaches of privacy are occurring is better than nothing.

Permalink to story.

 

brucek

Posts: 738   +1,004
TechSpot Elite
Let's get this fixed. Some brave journalist please buy and publish a month's worth of location data for say each of the senators that are on the committee that handles this issue (assuming this is legal, which is the exact problem we're trying to solve.) I bet we'd see legislation to fix it within the following week.

Or otherwise, as long as it only happens to regular people, we'll keep getting empty apologies and promises with little band-aids here and there but no real change to the overall situation.
 
S

senketsu

"cell providers are likely completely oblivious to the information's final destination."
well I'm sure not surprised and I'm just some average guy. This in fact is the entire problem with this behind the scenes data sharing. We've seen only the tip of the iceberg as the saying goes.