19 May US Tracking Firm Leaks Customer Location Data Without Consent
Security researcher Brian Krebs reported this week that data aggregator LocationSmart has leaked the location data of customers of all major US mobile carriers due to a buggy component on its website.
Krebs said the data had been leaked without the need for any password or other form of authentication or authorization, and without the knowledge of the affected customers. It is said that the data could have been used to pinpoint the location of any AT&T, Sprint, T-Mobile or Verizon device in the US with an accuracy of up to a few hundred yards.
The firm took the service offline after being informed by Krebs. However, the incident follows a similar involving another tracking company which was recently found to have been providing location data without the consent.
Source: Krebs on Security
