In 2017, a string of reports revealed that data-brokers were acquiring and linking titanic sets of location data from apps and mobile carriers and mining that data (and sometimes selling it outright). The carriers promised they'd end the practice, but they were lying. A year later, fresh reports surfaced of both app- and carrier-derived location data being sold, often by companies whose lack of elementary security meant that the data was effectively available to anyone. Then we learned that carriers were supplying fine-grained, realtime location data that was ending up in the hands of bounty hunters, skip tracers, and crooks and stalkers (naturally Ajit Pai's FCC had helped them get away with it0. Read the rest

No one knows who owns the Google Cloud drive that exposed 1.2 billion user records, seemingly merged from data-brokers like People Data Labs and Oxydata, who may have simply sold the data to a customer that performed the merge operation and then stuck the resulting files on an unprotected server, which was discovered in October by researcher Vinny Troia using Binaryedge and Shodan. Read the rest