To no one's surprise, the carriers maintained that their sales only allowed specific uses. AT&T's terms required "approved use cases" and deletion of info, while Verizon said it had a "detailed process" for clearing and screening aggregators' customers. Sprint was less specific, but said it allowed aggregators to hold on to data for long enough to provide an "adequate response" and limited their access to just the information needed to fulfill their contracts.
It's not certain those since-ended sales were legal, though. As Ars Technica observed, the Communications Act forbids phone companies from disclosing or using location info without explicit permission from customers. There's no clear indication the networks obtained consent -- customers certainly didn't intend for the information to reach the hands of bounty hunters.
You might not get a timely response from the FCC, either. Rosenworcel wrote that the FCC had been "totally silent" about reports of companies selling location data, and Chairman Ajit Pai deferred responsibility to recently appointed commissioner Geoffrey Starks despite holding control of the investigation. Carriers may have eventually done more to respect customer privacy, but there's no guarantee they'll face punishment if they abused their power.