Around 200 million people had their real-time location exposed by LocationSmart
Earlier this week, it was reported that a company called LocationSmart partners with U.S. carriers to sell people's real-time location to all sorts of third parties. This news came as a rather unpleasant surprise on its own, but it's now been discovered that a bug on LocationSmart's website exposed the real-time location for around 200 million individuals.
According to ZDNet, LocationSmart used to feature a tool on its website that allowed you to try its tracking service before you bought it. With the consent of a friend or colleague, you could use LocationSmart's system to track their location for free. After entering your friend's number, they'd receive a text to confirm it was okay for their location to be tracked, and you'd be able to see where in the world they're at.
However, as noted by Robert Xiao, a Ph.D. student at Carnegie Mellon University —
What sort of bug are we talking about? Per ZDNet —
That "try" page has since been removed from LocationSmart's site, and according to a spokesperson from the company, "the vulnerability was not exploited prior to May 16, and did not result in any customer information being obtained without their permission."
Even so, this exploit potentially exposed the real-time location for around 200 million people in the United States and Canada and LocationSmart hasn't provided any evidence to back up its claim that no info was stolen.
All major U.S. carriers give your real-time location info to third parties
Get the Android Central Newsletter
Instant access to breaking news, the hottest reviews, great deals and helpful tips.
Joe Maring was a Senior Editor for Android Central between 2017 and 2021. You can reach him on Twitter at @JoeMaring1.