Latest in Gear

Image credit: Getty Images/Blend Images

LocationSmart reportedly leaked phone location data onto the web

Oops.
245 Shares
Share
Tweet
Share
Save

Sponsored Links

Getty Images/Blend Images

It's starting to feel like everyone in charge of our sensitive data might be incompetent. It's only been a day since Securus, the company that helps police track phones, was apparently hacked. Now, according to security site KrebsOnSecurity, tracking firm LocationSmart leaked real-time location data on its own web site.

LocationSmart aggregates real-time data on the location of subscribers' mobile phones. It's all opt-in, but Krebs reported that anyone could access this information for any AT&T, Sprint, T-Mobile and Verizon phones on the company's web site without a password or any other form of authentication. The vulnerability has been taken offline, said Krebs, but man what a mistake.

While LocationSmart customers gave their consent to have the company track their phones' location, they likely did not want anyone to know that information. The issue was initially found by Robert Xiao, a PhD candidate at Carnegie Mellon University. ""I stumbled upon this almost by accident, and it wasn't terribly hard to do," he said. "This is something anyone could discover with minimal effort. And the gist of it is I can track most peoples' cell phone without their consent."

LocationSmart Founder and CEO Mario Proietti told Krebs, "We don't give away data. "We make it available for legitimate and authorized purposes. It's based on legitimate and authorized use of location data that only takes place on consent. We take privacy seriously and we'll review all facts and look into them."

Verizon owns Engadget's parent company, Verizon Media. Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
245 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Google Assistant gets new voice options in nine more languages

Google Assistant gets new voice options in nine more languages

View
HP's new ultrawide monitor can show two device's screens at once

HP's new ultrawide monitor can show two device's screens at once

View
HP Elite Dragonfly hands-on: A really light business notebook

HP Elite Dragonfly hands-on: A really light business notebook

View
Chinese retailers abruptly stop selling Juul e-cigarettes

Chinese retailers abruptly stop selling Juul e-cigarettes

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr