T-Mobile, AT&T, and Sprint customer location data being bought by bounty hunters

microbilt-logo

T-Mobile was a part of a location data scandal last year in which a website allowed anyone to track the location of any phone, and now it looks like another location data issue has popped up in 2019.

A new report from Motherboard details how T-Mobile, Sprint, and AT&T are selling access to customer location data. Specifically in the case of T-Mobile, a bounty hunter was paid $300 and was able to get the a screenshot of the Google Maps location of a T-Mobile customer’s phone, including its approximate longitude and latitude, and a location accuracy range of around 500 meters.

The bounty hunter used a tool that utilizes real-time location data that originates from T-Mobile, AT&T, and Sprint and is sold from one party to another, eventually ending up in the hands on people like this bounty hunter. In this case, the customer location data originated from T-Mobile and was shared with an aggregator named Zumigo that then sells that info to a company called Microbilt. The report notes that when posing as a bail bondsman customer, Microbilt offered location data pricing as low as $4.95 per device and that real-time updates on a phone’s location could cost around $12.95.

microbilt-location-data-price

In its documentation, Microbilt suggested that its location service worked on all carriers, but the middleman that Motherboard worked with was not able or not willing to perform a search for a Verizon phone.

When contacted about this situation, Zumigo confirmed that it had given location data to Microbilt, but it said that “illegal access to data is an unfortunate occurrence across virtually every industry that deals in consumer or employee data” and added that it tries to protect privacy by adding in a measure of distance between half a mile and one mile from an actual address.

Meanwhile, Microbilt said that it requires anyone using its services to get consent of the consumer and that it was “unaware that its terms of use were being violated by the rogue individual that submitted the request under false pretenses,” which is the request in this Motherboard report. Microbilt says that it after learning of the incident, it terminated the customer’s access to its products.

But what about the carriers themselves? T-Mobile said that it takes the privacy of its customers “very seriously”. “While T-Mobile does not have a direct relationship with Microbilt, our vendor Zumigo was working with them and has confirmed with us that they have already shut down all transmission of T-Mobile data,” the carrier added. “T-Mobile has also blocked access to device location data for any request submitted by Zumigo on behalf of Microbilt as an additional precaution.”

AT&T said that it cut access to Microbilt while it looks into the situation and Sprint stated that while it doesn’t have a relationship with Microbilt, it will “take appropriate action” if it determines that any of its customers do work with Microbilt and have violated the terms of their contract with Sprint.

This news is pretty frustrating, as T-Mobile CEO John Legere said last year that T-Mo would “not sell customer location data to shady middlemen”. This latest situation is a little different than the one from last year that allowed anyone to see the location of a phone by entering some simple data, but the fact that someone was able to pay a few hundred bucks to get the location of a cellphone is disconcerting. And while Microbilt may be losing its access to location data from the carriers, who knows when or if we might see this situation pop up again from another location aggregator.

You can read the full report on this matter at the link below.

Source: Motherboard

Tags: , , , , , ,

  • JStatt

    I don’t know, Legere saying “shady” middlemen seems like a pretty clear cop out wording.

  • blokeinusa

    As most Republicans would say, if you don’t have anything to hide, then why worry?

    • marque2

      Is that really Republican. Seems like it is a Democrat chant as well. Only ones who really object are libertarians and they have no power and seem OK with it if done by private companies.

    • Ben

      Just because a person feels like they have nothing to hide does not mean they should relinquish their Fourth Amendment Rights.

      • Adam

        Microbilt is not a government agency.

        • Ben

          This amendment is not limited to government agencies. Reasonable expectation of privacy applies to private entities as well.

        • Adam

          Can you point me to the case law you are talking about?

  • cnote7

    Why are they selling this information to anyone? I guess I’m going to have to start turning my GPS off.

    • g2a5b0e

      If you think turning your GPS off will stop them from discovering your location, you might want to do a little more research on how phones work.

  • steveb944

    Privacy doesn’t exist nowadays.

    • Ben

      That’s exactly what they want you to believe. We should not have accept in your digital life what we won’t accept in your actual/physical lives. Let’s not pretend these carriers are providing a free service.

      • steveb944

        True, but when not even major financial institutions care about it I think it’s an accountability issue across the board.

  • yankeesusa

    So… if our location isn’t private, then the user should monetize it. I wonder if that could ever be done.