Location data sold by major cell providers is ending up in the hands of unauthorized individuals

[Polycount]

Lack of privacy: If you value the privacy of your personal data, a recent Motherboard report might make you feel a bit uneasy. The outlet claims major cell providers, such as AT&T, Sprint, and T-Mobile, are selling your live location data to third parties. Through a lengthy supply chain, that data is ending up in the hands of some shady characters, including bounty hunters.

To be clear, we're not implying carriers are selling your data directly to said individuals. Quite the opposite - cell providers are likely completely oblivious to the information's final destination.

For example, Motherboard journalist Joseph Cox managed to obtain live cell phone location data that had been exposed to a whopping "six different entities." T-Mobile sold the initial data to a "location aggregator" called Zumigo, who then shared it with "credit data and risk management" company Microbilt, which shared it with a "customer" using its mobile phone tracking service (a bounty hunter).

The bounty hunter then reportedly handed the data off to a "bail industry source," and it was finally passed along to Motherboard.

Though it may seem at first like the simplest solution to this problem is a blanket ban on all location data sales from mobile carriers, there could be unintended consequences to doing so. Roadside assistance companies, and other perfectly legitimate enterprises rely on data provided by firms like Zumigo to function.

So, where along the line was the data "compromised" in this case? Microbilt seems to be the company who deserves most of the scrutiny, as it allegedly allowed its ongoing device location monitoring service to be abused by a "rogue individual" who claimed to represent a "licensed" bail bond company.

For now, Microbilt's access to Zumigo data has been cut off, and T-Mobile has taken the "additional precaution" of blocking any Zumigo requests for data that are placed on behalf of Microbilt. However, that doesn't address the ongoing problem. Just because Microbilt's access has been cut off doesn't mean other, similar companies aren't offering similar (if not identical) services.

Furthermore, AT&T and Sprint have similar arrangements with companies like Zumigo, and location data is reportedly ending up in similar places.

For now, it's not clear how to solve this problem without causing quite a bit of collateral damage. However, merely being aware that these breaches of privacy are occurring is better than nothing.

Permalink to story.

https://www.techspot.com/news/78182-location-data-sold-major-cell-providers-ending-up.html

 

[Evernessince]

Expect this to get worse until laws are passed detailing how data may be shared.

 

[psycros]

No company needs to know your current location at all times. The fact that we tolerate this shows how apathetic and ignorant people are these days.

 

[Uncle Al]

Bring em in, lock em up!

 

[brucek]

Let's get this fixed. Some brave journalist please buy and publish a month's worth of location data for say each of the senators that are on the committee that handles this issue (assuming this is legal, which is the exact problem we're trying to solve.) I bet we'd see legislation to fix it within the following week.

Or otherwise, as long as it only happens to regular people, we'll keep getting empty apologies and promises with little band-aids here and there but no real change to the overall situation.

 

[senketsu]

"cell providers are likely completely oblivious to the information's final destination."
well I'm sure not surprised and I'm just some average guy. This in fact is the entire problem with this behind the scenes data sharing. We've seen only the tip of the iceberg as the saying goes.

 

[Impudicus]

Selling data I generate without paying me for it should be considered stealing in the first place.