A California company is confirming that a flaw in its website allowed outsiders to pinpoint the location of nearly any mobile phone in the United States without authorization.
But LocationSmart, which gathers real-time data on cellular wireless devices, says it has no evidence that anyone exploited the vulnerability before May 16, when a security researcher at Carnegie Mellon discovered it.
Spokeswoman Brenda Schafer said via email Friday that LocationSmart is still seeking to verify that no location data was accessed without individual subscribers’ consent.
Schafer did not respond to questions about LocationSmart’s business practices or how long the flaw existed.
Privacy advocates say the case is the latest to underscore how easily wireless carriers can share or sell consumers’ geolocation information without their consent.