It's not the best thing when you realize that you can quite easily be tracked by a bounty hunter, but it's a reality.
An article published by Motherboard explained how a bounty hunter might get your data from companies such as T-Mobile, AT&T, and Sprint. The publication tested it by purchasing the capability on the black market for around $300.
The bounty hunter was armed worth only the phone number of the test device and no previous knowledge of its whereabouts. The process did, however, involve the hunter sending the information to a contact which then sent him a screenshot of the location. He even claimed that he could track most phones in the United States.
These services are sometimes sold via a word of mouth operation. This means that it's not something just anyone could do but is possible for anyone with the right contacts.
AT&T has responded to the release of the information by stating that it'll stop the sale of all location data to companies that act as middlemen between the telcos and clients in the supply chain. This is a good move on their part considering how bad this can turn out for the company. More specifically, people will just avoid using their products since they don't agree with having their location sold off.
Naturally, as a result of this entire fiasco, Senators Kamala Harris, Mark Warner, and Ron Wyden called on the FCC (Federal Communications Commission) to investigate the incident. This is a normal thing to do when there's the possibility of millions upon millions of cell phones being tracked without the consumer's knowledge. In fact, some Senators have called for regulation in the industry, which if implemented, could lead to the user actually knowing how their location data is sold.
This comes during a time where people are constantly in fear of who's looking at their data and for what reasons. One of the most recent cases involving data issues was with Facebook was reported to have been in September of 2018. The security issue is said to have impacted almost 50 million user accounts. At the time the breach basically enabled an attacker to see everything from a victim's account.