Carriers sell information about you to data aggregators, which normally require the user to consent before selling it on further. But some third parties opted to sell information, like people's whereabouts, on to bodies such as bail bond companies, bounty hunters and landlords. In its original report, Motherboard paid an bounty hunter $300 to get the location of a phone to within a few hundred meters.
Since then, new evidence has come to light claiming that other companies, including one named CerCareOne, sold A-GPS data. Rather than giving a person's position to within a third of a mile, it could potentially pinpoint them within a building. And that it was used on a regular basis to enable bodies to track down individuals who had failed to satisfy their bail bond, behind on their rent or just because.
CerCareOne also jealously guarded its own existence, insisting that anyone who dealt with it kept quiet about it. It's worth noting that these features are designed to be used by law enforcement agencies, which have a series of checks and balances. This commercial use is concerning, even though bail bond companies said they had clauses in their contract permitting electronic tracking.
The carriers involved, AT&T, Sprint and T-Mobile (Verizon, which owns Engadget, doesn't appear to offer a similar service) have all affirmed that they will end the practice of re-selling data. And it's worth reading Motherboard's story for all of the deeply troubling details about how the information you thought was private, really isn't.