A shocking new report has found hundreds of bounty hunters had access to highly sensitive user data – and it was sold to them by almost every major U.S. wireless carrier.
The practice was first revealed last month and, at the time, telecom firms claimed they were isolated incidents.
However, a Motherboard investigation has since discovered that’s far from the case. About 250 bounty hunters were able to access users’ precise location data.
In one case, a bail bond firm requested location data some 18,000 times.
AT&T, T-Mobile and Sprint sold the sensitive data, which was meant for user by 911 operators and emergency services, to location aggregators, who then sold it to bounty hunters, according to Motherboard.
The companies pledged last month to stop selling users’ location data to aggregators.
Location aggregators collect and sell user location data, sometimes to power services like bank fraud prevention and emergency roadside assistance, as well as online ads and marketing deals, which depend on knowing your whereabouts.
Motherboard discovered last month that bounty hunters were using the data to estimate a user’s location by looking at ‘pings’ sent from phones to nearby cell towers.
But it appears that the data was even more detailed than previously thought.
CerCareOne, a shadowy company that sold location data to bounty hunters, even claimed to collect assisted-GPS, or A-GPS, data.