- These high school theater kids put on a totally awesome ‘Alien’ play Saturday 3:59 PM
- Behold these photos of Elon Musk, but with Elizabeth Holmes’ eyes Saturday 3:11 PM
- Barbra Streisand gets canceled over remarks about Michael Jackson’s alleged victims Saturday 2:09 PM
- Report: Florida man raped Texas teen after posing as Instagram celeb Saturday 12:14 PM
- Lori Loughlin’s daughters, Olivia and Isabella, could be banned from USC forever Saturday 11:46 AM
- ‘Starfish’ is a heartbreaking tale of BFFs, grief, and apocalyptic alien invasions Saturday 10:35 AM
- How to stream UFC Fight Night 148 for free Saturday 10:00 AM
- The kids are making scantron memes instead of studying Saturday 9:29 AM
- Every installment of Hulu’s ‘Into the Dark,’ ranked Saturday 6:00 AM
- The internet is mocking Robert Mueller’s report deadline Friday 7:53 PM
- Instagram blocks some anti-vax hashtags—but still has far to go Friday 6:20 PM
- Study: Netflix released more originals than licensed titles last year Friday 2:26 PM
- Laura Ingraham, Dinesh D’Souza slam journalist for having a job Friday 1:40 PM
- Netflix is testing a cheap-as-hell mobile-only plan Friday 1:08 PM
- Astrology app Co-Star’s bizarre push notifications are now a meme Friday 12:18 PM
Bounty hunters can easily track devices.
Anyone from bail bondsmen to bounty hunters can easily obtain such information, thanks to a complex network of companies with access to user location data sold by T-Mobile, Sprint, and AT&T.
The process, which doesn’t require a warrant or any special hacking tools, allowed Motherboard to track a T-Mobile phone by paying an anonymous bounty hunter just $300.
The bounty hunter responded with a Google Maps screenshot of the phone’s location with its longitude and latitude coordinates. The location was said to be accurate to within 0.3 miles, or roughly 500 meters. According to Motherboard’s Joseph Cox, the data made its way through six different entities before the bounty hunter was able to determine the phone’s location.
“T-Mobile shares location data with an aggregator called Zumigo, which shares information with Microbilt,” Cox writes. “Microbilt shared that data with a customer using its mobile phone tracking product. The bounty hunter then shared this information with a bail industry source, who shared it with Motherboard.”
Industry guidelines state that companies and individuals must gain consent from phone users before pinpointing their location. Such tracking is often used legally by roadside assistance firms in order to find stranded customers as well as financial companies looking to detect fraud.
“Microbilt buys access to location data from an aggregator called Zumigo and then sells it to a dizzying number of sectors, including landlords to scope out potential renters; motor vehicle salesmen, and others who are conducting credit checks,” Cox adds. “Armed with just a phone number, Microbilt’s ‘Mobile Device Verify’ product can return a target’s full name and address, geolocate a phone in an individual instance, or operate as a continuous tracking service.”
Motherboard was quoted roughly several hundred dollars when asking for location data from the bounty hunter, but the cost became increasingly cheaper higher up the chain. When Motherboard posed as a potential customer to Microbilt, the company revealed that “locating a phone can cost as little as $4.95 each if searching for a low number of devices.”
A Microbilt spokesperson responded to the story by stating that the company requires all its customers to obtain consent prior to using their services.
Zumigo, the company which provided the location data to Microbilt, stated that “illegal access to data is an unfortunate occurrence” in many industries. Zumigo also said it ceased its business relationship with Microbilt in light of the story.
T-Mobile, the CEO of which pledged last year not to sell customer location data “to shady middlemen,” stated that it has since “blocked access to device location data for any request submitted by Zumigo on behalf of Microbilt.” AT&T and Sprint provided similar statements, while Verizon did not respond to requests for comment.
A bail industry source claimed that bounty hunters have used the services for personal reasons, like tracking the location of their girlfriends.
Sen. Ron Wyden (D-Ore.), a vocal champion of digital privacy rights, weighed in on the story by highlighting legislation to protect consumer data.
Major carriers pledged to end these practices, but it appears to have been more empty promises to consumers. It’s time for Congress to take action by passing my bill to safeguard consumer data and hold companies accountable. https://t.co/CKQJ04C3XX
— Ron Wyden (@RonWyden) January 8, 2019
Mikael Thalen is a freelance journalist based in Seattle, covering all things technology, including social media, data breaches, hackers, and more.