Tracking Firm Leaked U.S. Mobile Customer Location Data

A company that aggregates data about the location of U.S. mobile devices in real-time was found to have leaked the information — data which tracked every user of the four major mobile carriers in the country — through its website, according to a recent report.

By Alekcey-Elena / Shutterstock.com

The company, LocationSmart, leaked the information through its own website, according to KrebsOnSecurity. A “buggy component” on the site allowed access to this data “without the need for any password or other form of authentication or authorization.”

The discovery was made by Carnegie Mellon security researcher Robert Xiao, who found he could lookup mobile numbers through a LocationSmart demo tool which was available on the company’s site, with no credentials required.

LocationSmart reportedly took its service offline after KrebsOnSecurity contacted the company last week. The service “could be used to reveal the location of any AT&T, Sprint, T-Mobile or Verizon phone in the United States to an accuracy of within a few hundred yards.”

Though the service, which used cell phone towers to track phones, is not as exact as GPS tracking, it was able to track users within 1.5 miles all the way down to 100 yards of an exact location, Xiao’s testing showed.

Third Party Troubles

There’s an obvious question mobile users could rightfully ask: why does this company have my location data, anyway? While the Krebs report notes that, “none of the major carriers would confirm or deny a formal business relationship with LocationSmart,” ZDNet claims that these cell carriers “are selling access to your real-time phone location data.”

Whatever the relationship of LocationSmart and your mobile carriers may be, there’s no denying that third-party access to any of your data weakens privacy — the more companies that have access to your data, the more possibilities there are for leaks and hacks. We’ve seen it before — recently on Facebook, for instance — and we’ll certainly see it again.

The only way to solve these issues are stronger consumer laws. These laws must clarify what portions of user data companies can share with each other, and those limits should be acceptable to customers. Otherwise, these incidents may only get worse.

Phil Dzikiy

Phil Dzikiy

Phil Dzikiy is the former editor in chief of Security Baron. Before, he has worked as a freelance writer and editor at websites like Wirecutter.com and iLounge.com along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park initially landed Phil his first job at the Beaver County Times, which has lead to over 15 years of experience as a journalist.

Leave a Comment

Trending News

Follow Us

Reviews