- Discord allegedly used to lure teenager boy to Florida trailer housing sex slave Tuesday 7:36 PM
- Millie Bobby Brown has the wrong take on ‘You’ Tuesday 6:42 PM
- Why is Tony Stark missing from the ‘Spider-Man: Far From Home’ trailer? Tuesday 6:00 PM
- The creepy texts this woman received are eerily similar to Netflix’s ‘You’ Tuesday 4:20 PM
- Roku defends decision to host InfoWars amid online backlash (updated) Tuesday 4:04 PM
- Pump yourself up for ‘Game of Thrones’ season 8 with this masterfully edited hype video Tuesday 2:35 PM
- NBC asked reporters not to call Steve King’s comments ‘racist’ Tuesday 2:21 PM
- Disney files copyright claim on YouTuber’s Darth Vader film—and the creator is devastated Tuesday 2:18 PM
- The ’10 Year Challenge’ isn’t as fun for trans people Tuesday 1:25 PM
- New Nike shoes can be controlled from your smartphone Tuesday 1:06 PM
- Cardi B. jumps on 10-year challenge with high school performance of Lady Gaga song Tuesday 12:28 PM
- Parents, teachers cry foul over Verizon fee hike for popular education app Tuesday 11:57 AM
- Conservative men are kicking and screaming about Gillette’s new toxic masculinity ad Tuesday 11:23 AM
- Mysterio is hot now in the ‘Spider-Man: Far From Home’ trailer Tuesday 10:53 AM
- Netflix hikes prices on all subscription plans Tuesday 10:48 AM
Bounty hunters can easily track devices.
Anyone from bail bondsmen to bounty hunters can easily obtain such information, thanks to a complex network of companies with access to user location data sold by T-Mobile, Sprint, and AT&T.
The process, which doesn’t require a warrant or any special hacking tools, allowed Motherboard to track a T-Mobile phone by paying an anonymous bounty hunter just $300.
The bounty hunter responded with a Google Maps screenshot of the phone’s location with its longitude and latitude coordinates. The location was said to be accurate to within 0.3 miles, or roughly 500 meters. According to Motherboard’s Joseph Cox, the data made its way through six different entities before the bounty hunter was able to determine the phone’s location.
“T-Mobile shares location data with an aggregator called Zumigo, which shares information with Microbilt,” Cox writes. “Microbilt shared that data with a customer using its mobile phone tracking product. The bounty hunter then shared this information with a bail industry source, who shared it with Motherboard.”
Industry guidelines state that companies and individuals must gain consent from phone users before pinpointing their location. Such tracking is often used legally by roadside assistance firms in order to find stranded customers as well as financial companies looking to detect fraud.
“Microbilt buys access to location data from an aggregator called Zumigo and then sells it to a dizzying number of sectors, including landlords to scope out potential renters; motor vehicle salesmen, and others who are conducting credit checks,” Cox adds. “Armed with just a phone number, Microbilt’s ‘Mobile Device Verify’ product can return a target’s full name and address, geolocate a phone in an individual instance, or operate as a continuous tracking service.”
Motherboard was quoted roughly several hundred dollars when asking for location data from the bounty hunter, but the cost became increasingly cheaper higher up the chain. When Motherboard posed as a potential customer to Microbilt, the company revealed that “locating a phone can cost as little as $4.95 each if searching for a low number of devices.”
A Microbilt spokesperson responded to the story by stating that the company requires all its customers to obtain consent prior to using their services.
Zumigo, the company which provided the location data to Microbilt, stated that “illegal access to data is an unfortunate occurrence” in many industries. Zumigo also said it ceased its business relationship with Microbilt in light of the story.
T-Mobile, the CEO of which pledged last year not to sell customer location data “to shady middlemen,” stated that it has since “blocked access to device location data for any request submitted by Zumigo on behalf of Microbilt.” AT&T and Sprint provided similar statements, while Verizon did not respond to requests for comment.
A bail industry source claimed that bounty hunters have used the services for personal reasons, like tracking the location of their girlfriends.
Sen. Ron Wyden (D-Ore.), a vocal champion of digital privacy rights, weighed in on the story by highlighting legislation to protect consumer data.
Major carriers pledged to end these practices, but it appears to have been more empty promises to consumers. It’s time for Congress to take action by passing my bill to safeguard consumer data and hold companies accountable. https://t.co/CKQJ04C3XX
— Ron Wyden (@RonWyden) January 8, 2019
Mikael Thalen is a freelance journalist based in Seattle, covering all things technology, including social media, data breaches, hackers, and more.