Engadget: US carriers say they’ve stopped selling location data. “You might not have to worry quite so much about carriers selling your phone location data to less-than-diligent third parties. AT&T, Sprint, T-Mobile and Verizon (Engadget’s parent company) have provided responses to FCC Commissioner Jessica Rosenworcel’s request for an update on the practice, with all four saying they’d halted sales to aggregators sometime after promising to do so back in June 2018. “
Ars Technica: Refunds for 300 million phone users sought in lawsuits over location-data sales. “The four major US wireless carriers are facing proposed class-action lawsuits accusing them of violating federal law by selling their customers’ real-time location data to third parties. The complaints seeking class action status and financial damages were filed last week against AT&T, Verizon, T-Mobile, and Sprint in US District Court for the District of Maryland.”
Motherboard: Hundreds of Bounty Hunters Had Access to AT&T, T-Mobile, and Sprint Customer Location Data for Years. “Around 250 bounty hunters and related businesses had access to AT&T, T-Mobile, and Sprint customer location data, with one bail bond firm using the phone location service more than 18,000 times, and others using it thousands or tens of thousands of times, according to internal documents obtained by Motherboard from a company called CerCareOne, a now-defunct location data seller that operated until 2017. The documents list not only the companies that had access to the data, but specific phone numbers that were pinged by those companies.”
The Register: AT&T, Sprint, Verizon, T-Mobile US pledge, again, to not sell your location to shady geezers. Sorry, we don’t believe them. “US cellphone networks have promised – again – that they will stop selling records of their subscribers’ whereabouts to anyone willing to cough up cash.” I don’t believe them either.
Motherboard: I Gave a Bounty Hunter $300. Then He Located Our Phone. “T-Mobile, Sprint, and AT&T are selling access to their customers’ location data, and that data is ending up in the hands of bounty hunters and others not authorized to possess it, letting them track most phones in the country.”
Engadget: Hackers gain access to millions of T-Mobile customer details. “T-Mobile has fallen foul of yet another cybersecurity issue. In a statement released this week the company said that an unauthorized entry into its network may have given hackers access to customer records, including billing ZIP codes, phone numbers, email addresses and account numbers. According to T-Mobile, the intrusion was quickly shut down, and no financial data, social security numbers or passwords were compromised.”
ZDNet: T-Mobile bug let anyone see any customer’s account details. “A bug in T-Mobile’s website let anyone access the personal account details of any customer with just their cell phone number. The flaw, since fixed, could have been exploited by anyone who knew where to look — a little-known T-Mobile subdomain that staff use as a customer care portal to access the company’s internal tools. The subdomain — promotool.t-mobile.com, which can be easily found on search engines — contained a hidden API that would return T-Mobile customer data simply by adding the customer’s cell phone number to the end of the web address.”