Header Ads

Location data sold by major cell providers is ending up in the hands of unauthorized individuals


If you value the privacy of your personal data, a recent Motherboard report might make you feel a bit uneasy. The outlet claims major cell providers, such as AT&T, Sprint, and T-Mobile, are selling your live location data to third parties. Through a lengthy supply chain, that data is ending up in the hands of some shady characters, including bounty hunters.
To be clear, we're not implying carriers are selling your data directly to said individuals. Quite the opposite - cell providers are likely completely oblivious to the information's final destination.
For example, Motherboard journalist Joseph Cox managed to obtain live cell phone location data that had been exposed to a whopping "six different entities." T-Mobile sold the initial data to a "location aggregator" called Zumigo, who then shared it with "credit data and risk management" company Microbilt, which shared it with a "customer" using its mobile phone tracking service (a bounty hunter).
The bounty hunter then reportedly handed the data off to a "bail industry source," and it was finally passed along to Motherboard.
Though it may seem at first like the simplest solution to this problem is a blanket ban on all location data sales from mobile carriers, there could be unintended consequences to doing so. Roadside assistance companies, and other perfectly legitimate enterprises rely on data provided by firms like Zumigo to function.
So, where along the line was the data "compromised" in this case? Microbilt seems to be the company who deserves most of the scrutiny, as it allegedly allowed its ongoing device location monitoring service to be abused by a "rogue individual" who claimed to represent a "licensed" bail bond company.
For now, Microbilt's access to Zumigo data has been cut off, and T-Mobile has taken the "additional precaution" of blocking any Zumigo requests for data that are placed on behalf of Microbilt. However, that doesn't address the ongoing problem. Just because Microbilt's access has been cut off doesn't mean other, similar companies aren't offering similar (if not identical) services.
Furthermore, AT&T and Sprint have similar arrangements with companies like Zumigo, and location data is reportedly ending up in similar places.
For now, it's not clear how to solve this problem without causing quite a bit of collateral damage. However, merely being aware that these breaches of privacy are occurring is better than nothing.

No comments:

Powered by Blogger.