Customer location data and privacy is a focus in the mobile world again today as a new report has revealed that three major U.S. carriers have been selling their subscribers' location info.

In a lengthy report, Motherboard details how it paid a bounty hunter $300 to locate a T-Mobile phone using nothing by the phone number. That phone number was then sent to a contact who provided a screenshot of Google Maps with a blue circle showing the phone's location just a couple of blocks from where the person actually was. Also included was the approximate longitude and latitude coordinates of the device and the accuracy of the geolocation data, which was 0.3 miles.

The location data originated from T-Mobile, who shared it with aggregator Zumigo, who then sold it to Microbilt. That company then sells the data to many different entities, such as landlords and bail bondsmen. Using just the phone number, a person could use Microbilt's service to get a person's name, get the location of a phone, or continually track the device. The report also determined that AT&T and Sprint has been selling customer location data. As for Verizon, the middleman used could not or would not perform a search for a Verizon device.

When posing as a potential customer, Motherboard determined that Microbilt's pricing for locating a phone started at just $4.95. If you wanted to get real-time data on a phone's location, you'd have to pony up just $12.95.

When asked about this situation, Microbilt said that it requires anyone using its services for fraud prevention to get consent of the consumer. It added that it found an instance of abuse, the one mentioned earlier in this report, and that it was unaware that its terms of use were being violated. The company "does not approve of such use cases, and has a clear poolicy that such violations will result in a loss of access to all MicroBilt services and termination of the requesting party’s end-user agreement," it explained.

Zumigo confirmed that it provided location data to Microbilt but said that "illegal access to data is an unfortunate occurrence across virtually every industry that deals in consumer or employee data." Zumigo added that takes steps to protect consumer privacy by giving a measure of distance between 0.5 and 1 mile from an actual address.

T-Mobile said that it takes customer privacy and security "very seriously" and confirmed that its vendor Zumigo stopped transmitting T-Mobile data. "T-Mobile has also blocked access to device location data for any request submitted by Zumigo on behalf of Microbilt as an additional precaution."

AT&T has cut access to Microbilt as it looks into this situation, and Sprint said that while it doesn't have a direct relationship with Microbilt, it will "take appropriate action" if it finds that any of the companies it's working with violate the terms of their contract.

This situation is pretty upsetting, as it sounds like people have easy access to a person's location data so long as they're willing to fork over a few hundred bucks. What's worse is that less than one year ago, we had another major location data scandal when the website of a company called LocationSmart had a bug that allowed anyone to track the real-time location of a cellphone. 

You can read the entire, in-depth report on this latest scandal at the link below.