Hundreds of Bounty Hunters Had Access to AT&T, T-Mobile, and Sprint Customer Location Data for Years
In January, Motherboard revealed that AT&T, T-Mobile, and Sprint were selling their customers’ real-time location data, which trickled down through a complex network of companies until eventually ending up in the hands of at least one bounty hunter. Motherboard was also able to purchase the real-time location of a T-Mobile phone on the black market from a bounty hunter source for $300. In response, telecom companies said that this abuse was a fringe case.
In reality, it was far from an isolated incident.
Around 250 bounty hunters and related businesses had access to AT&T, T-Mobile, and Sprint customer location data, with one bail bond firm using the phone location service more than 18,000 times, and others using it thousands or tens of thousands of times, according to internal documents obtained by Motherboard from a company called CerCareOne, a now-defunct location data seller that operated until 2017. The documents list not only the companies that had access to the data, but specific phone numbers that were pinged by those companies.
In some cases, the data sold is more sensitive than that offered by the service used by Motherboard last month, which estimated a location based on the cell phone towers that a phone connected to. CerCareOne sold cell phone tower data, but also sold highly sensitive and accurate GPS data to bounty hunters; an unprecedented move that means users could locate someone so accurately so as to see where they are inside a building. This company operated in near-total secrecy for over 5 years by making its customers agree to “keep the existence of CerCareOne.com confidential,” according to a terms of use document obtained by Motherboard.
Some of these bounty hunters then resold location data to those unauthorized to handle it, according to two independent sources familiar with CerCareOne’s operations.
https://motherboard.vice.com/en_us/article/43z3dn/hundreds-bounty-hunters-att-tmobile-sprint-customer-location-data-years
= new reply since forum marked as read
A screenshot obtained by Motherboard of a phone being located via its GPS data. Motherboard has blurred and cropped parts of the image to protect individuals’ privacy. Image: Motherboard
CerCareOne’s phone tracking service was not a one-off tool for bounty hunters and bail agents. A list of a particular customer’s phone pings obtained by Motherboard stretches on for around 450 pages, with more than 18,000 individual phone location requests in just over a year of activity. The bail bonds firm that initiated the pings did not respond to questions asking whether they obtained consent for locating the phones, or what the pings were for.
Another set of data is more than 250 pages long and covers around 10,000 phone pings. Another list of a different bounty hunter’s activity includes nearly 1,000 phone location requests in less than a year; a third details more than 4,500 pings.
The location requests stretch from 2012 up to 2017, with some phones being located in quick succession multiple times over minutes, hours, and days, according to timestamps included in the documents.
“The scale of this abuse is outrageous,” Eva Galperin, director of cybersecurity at campaign group the Electronic Frontier Foundation, told Motherboard in an email.
