US Telecoms Selling Cellphone Data Showing User Locations In Real Time

T-Mobile, Sprint, and AT&T are reportedly among the companies whose data is being used to track phone locations, leaving mobile network users exposed without their knowledge.

US telecommunication companies sell user data to aggregator companies who then sell this information in turn to their own customers. The data can then be re-sold on the black market, where it could fall into the hands of criminals, stalkers and others.

Motherboard reporter Joseph Cox paid a bounty hunter to geolocate a target’s T-Mobile phone in his investigation into the location tracking practice. The bounty hunter’s contact was able to track the phone to the correct Queens neighborhood within a few hundred meters of its location. This was done without any hacking or previous knowledge of the owner’s location.

Tracking the target

T-Mobile shared user location data with a data aggregator company called Zumigo, which shares information with another company called Microbilt. Microbilt sells phone geolocation services to a number of private industries, like property managers, bail bondsmen and roadside assistance, company documents and sources revealed to Motherboard.

Using just a phone number, the company’s Mobile Device Verify can bring up the target’s name, address and phone location, either in a specific instance or as a constant tracking service.

Finding a phone will set you back a mere USD 4.95, but if you sign up to a package to track more phones the cost per phone will fall. To track someone’s real-time location using their phone costs USD 12.95. In this case, a bounty hunter got a Microbilt customer to find the target’s phone, for $300.

Microbilt customers can sell on the information they pay for to other sources, meaning the data can end up in anyone’s hands. Motherboard reports bounty hunters also use the geolocation to track their own ex’s.

It’s part of a bigger problem; the US has a completely unregulated data ecosystem,” Frederike Kaltheuner, data exploitation programme lead at campaign group Privacy International, told the publication.

Our cell phones are constantly sending data to cell towers, so providers can send us calls and texts. This information allows the companies to have an idea of a cell phone’s location based on what cell tower it is near.

In many cases, consent is needed to track a phone, such as in the case of roadside assistance, who may send a text to the customer’s phone before they start to track them.

Telecoms’ responses

Microbilt has since removed documents related to its mobile phone location product from its website. A spokesperson said the company requires anyone using its mobile device verification services for fraud prevention to get consumer consent. They also said Microbilt was aware of the instance used to track the phone and said that upon learning of the case, it terminated that customer’s access to their products.

Meanwhile, Zumingo said that “illegal access to data is an unfortunate occurrence across virtually every industry that deals in consumer or employee data,” and that it protects privacy by not providing an exact location.

A spokesperson for T-Mobile said that it has been assured by Zumigo that “they have already shut down all transmission of T-Mobile data.”

“T-Mobile has also blocked access to device location data for any request submitted by Zumigo on behalf of Microbilt as an additional precaution,” they added.―RT