Vulnerabilities discovered in hundreds of GPS services that could expose a host of sensitive data on millions of online location tracking devices managed by vulnerable GPS services. The vulnerabilities include easy-to-guess passwords, exposed folders, insecure API endpoints, and insecure direct object reference (IDOR) issues. By exploiting these flaws, an unauthorized third party or hacker can get access to personal information collected by GPS-enabled devices, including GPS coordinates, phone numbers, device model and type information, IMEI numbers, and custom assigned names. Around 79 domains still remain vulnerable, and researchers do not know if these services will be fixed.
Source: https://thehackernews.com/2018/01/gps-location-tracking.html