Who's Buying Your Personal Data Online?

Data brokers are selling your name, address, income estimate, and daily movements to anyone willing to pay, including scammers and stalkers. Most people have profiles on over 200 broker sites without knowing it. You can start removing them today, but the window to act is narrowing.

Who's Buying Your Personal Data Online?
Quick Answer
Data brokers are a $300 billion industry collecting your address, phone number, income bracket, health interests, and daily location patterns, then selling them to marketers, insurance companies, bail bondsmen, private investigators, and scammers. You have a profile on over 200 of these sites right now. Tools like Optery can automate removal requests, but you have to start the process.

The Marketplace You Never Agreed to Join

$300 billion global data broker market size in 2024

Acxiom holds data on roughly 2.5 billion people worldwide and sells it to Fortune 500 brands, political campaigns, and debt collectors. You didn't sign up. You were never asked. Your profile was assembled from public records, store loyalty cards, app permissions, social media activity, and credit header data.

Data brokers operate in four main categories.

**People-search sites** (Spokeo, BeenVerified, Whitepages) sell your address, relatives, criminal records, and phone number to anyone with a credit card.

**Marketing data brokers** (Acxiom, Experian Marketing Services, Oracle Data Cloud) sell behavioral profiles to advertisers, insurers, and employers.

**Risk and fraud brokers** (LexisNexis, Equifax Workforce Solutions) sell to landlords, lenders, and background check companies.

**Location data brokers** (Outlogic, formerly X-Mode; SafeGraph) sell raw GPS movement data harvested from apps on your phone.

The buyers aren't just annoying advertisers. The FTC found in 2023 that data brokers sold consumer data to scammers who used it to craft highly targeted fraud calls. Your name, your recent purchase history, and your estimated net worth get packaged and sold for roughly $0.001 per record.

💡 Key Insight: You are not a customer of the data broker industry. You are the product, and you have never seen your own listing.

How Your Profile Gets Built Without You Touching a Single Form

Over 4,000 data broker companies operate in the U.S. alone

Most people assume their data gets collected when they share it directly. That assumption is wrong, and it's why most privacy advice fails.

Here's the actual pipeline.

You download a free flashlight app and tap allow when it requests location permission. That app sells your GPS coordinates to SafeGraph every few minutes, around the clock. SafeGraph aggregates your movement patterns over months and sells a behavioral profile: where you work, where you worship, which medical clinic you visited, which political rally you attended.

Separately, your state sells your voter registration record. Your county sells your property records. Your DMV in some states sells your address.

A people-search aggregator like Spokeo buys all of it, cross-references it, and publishes a profile with your photo, relatives, estimated income, and current address. For $4.95 a month, anyone can search it.

This is genuinely hard to track: what happens to your data after the first sale. Brokers resell to other brokers. A profile sold to a marketing firm in 2021 might now be in a database used by a Nigerian advance-fee fraud ring. The FTC documented cases where scam call centers purchased broker data specifically filtered for elderly Americans with investment accounts. That's in the agency's 2023 enforcement filings.

💡 Key Insight: The free app you downloaded in 2019 is still generating location data that gets resold today. Deleting the app does not delete the historical data already sold.

Who Is Actually Buying Your Data

Manual opt-out from all major data brokers takes an estimated 100+ hours per person

Most privacy coverage focuses on advertisers. Advertisers are the least dangerous buyer on the list.

The buyers who actually threaten your safety are different.

**Stalkers and abusers.** Domestic violence organizations documented cases where abusers used Spokeo and Intelius to find victims who had relocated. No background check is required. A credit card is enough.

**Scam operations.** A 2024 Motherboard investigation found that data brokers were selling "aged leads," lists of people who had inquired about financial products, to fraudulent investment platforms. The lists included names, phone numbers, estimated liquid assets, and age.

**Insurance companies.** Health and life insurers use behavioral data (grocery purchases, fitness app data, location patterns near hospitals) to inform underwriting decisions, even in legally murky jurisdictions.

**Employers.** Background check companies like Checkr and Sterling pull from broker databases. Outdated or incorrect data in these profiles has cost people job offers.

**Law enforcement without a warrant.** ICE and the IRS have paid data brokers for location and identity data, bypassing Fourth Amendment warrant requirements. A 2021 Government Accountability Office report confirmed this.

Optery built its product specifically because manual opt-out requests across 200-plus broker sites take an estimated 100 hours. Their automated removal and monitoring system cuts that to minutes.

💡 Key Insight: Advertisers are not the threat. Stalkers, scam operations, and warrantless government surveillance are, and they all shop at the same marketplace you've never heard of.

Five Actions That Actually Remove You From the System

A credit freeze reduces new-account fraud by up to 96% according to a Carnegie Mellon CyLab study

Most guides tell you to opt out of Google and Facebook and call it done. That misses 99% of the problem.

These are the five steps that matter, in order of impact.

**1. Use an automated removal service.** Optery, DeleteMe, or Privacy Bee scan your profiles across 150 to 750 broker sites depending on the tier and submit removal requests on your behalf. Optery's free tier covers 30 sites. Paid plans start around $3.99 per month and include quarterly re-scans, because brokers re-add your data after removal.

**2. Opt out of the big four people-search sites manually first.** Spokeo, WhitePages, BeenVerified, and Intelius all have opt-out pages. Do these immediately. They're the most searched and the easiest ways to find your address.

**3. Freeze your credit at all three bureaus.** Equifax, Experian, and TransUnion all offer free credit freezes. A frozen credit file cannot be pulled by a new lender, which stops most identity-theft-based fraud cold. This is free. Do it today.

**4. Audit your app permissions.** On iPhone: Settings, Privacy and Security, Location Services. On Android: Settings, Privacy, Permission Manager. Revoke location access from every app that doesn't physically require it to function. Your banking app doesn't need your location.

**5. Use a Google Voice number and a masked email.** Give out your real phone number and email to as few services as possible. Tools like SimpleLogin or Apple's Hide My Email generate disposable addresses. Google Voice gives you a number that forwards to your real phone without exposing it.

💡 Key Insight: If you're only adjusting Facebook privacy settings, you're wasting time. The brokers harvesting your data never touched your Facebook account.

Key Takeaways

🎯Your data profile exists on over 200 broker sites right now, assembled from app permissions, public records, and purchase history, without your knowledge or consent.
📌Location data brokers like SafeGraph and Outlogic sell raw GPS movement data harvested from ordinary apps, showing where you work, worship, and receive medical care.
Advertisers are not the most dangerous buyer. Scam call centers, stalkers, and federal agencies purchasing warrantless surveillance data are confirmed buyers of the same broker databases.
🔑Freeze your credit at all three bureaus today for free. It takes 15 minutes and blocks the most damaging form of identity fraud instantly.
💎The data removal services market is consolidating fast. Optery's 2026 Fortress Cybersecurity Award win signals that enterprise-grade privacy removal tools are moving downstream to consumers, which means the window where individual effort matters most is right now, before brokers find workarounds.

FAQ

Q: Can I remove myself from data broker sites permanently?
A: No removal is permanent. Brokers re-add your information from public record updates, typically within 30 to 90 days, which is why services like Optery and DeleteMe run quarterly re-scans as part of their subscription. A one-time removal effort buys you maybe three months of reduced exposure.

Q: Does using a VPN protect me from data brokers?
A: A VPN hides your IP address from websites but does nothing to stop data brokers who harvest your information from public records, app permissions, and loyalty programs. A VPN is useful for other threats, but treating it as a data broker defense is a common and expensive misunderstanding.

Q: How do I find out what a data broker actually has on me right now?
A: Go to Spokeo.com and search your own name and city. What comes up is a sample of what hundreds of brokers hold. For a full audit, Optery's free scan at optery.com shows your active profiles across 30-plus sites within minutes of signing up.

Conclusion

Your data profile is being updated, sold, and resold right now. It will be used against you eventually, whether by a scammer who knows your bank and net worth, or by a stalker who found your new address in 30 seconds on BeenVerified. Freeze your credit at Equifax, Experian, and TransUnion first. That takes 15 minutes and it matters most. Then run a free scan on Optery to see exactly which broker sites have your profile, and start removing them.

  • How to Automate Data Entry with AI (Step-by-Step)
    AI automates data entry by pairing document parsing tools with LLMs like GPT-4o or Claude to extract, validate, and route structured data — no human typing required. The real unlock is connecting these tools into a pipeline using Zapier, Make, or a custom API. Most teams cut data entry time by 80–90
  • How Does AI Help Cybersecurity Teams — And How Do Attackers Abuse the Same Tools?
    The same AI tools that help security teams detect threats in milliseconds are being weaponized to clone voices, generate perfect phishing emails, and impersonate executives on live video calls. This isn't a future risk — it already cost one company $25 million in a single afternoon. Here's exactly w
  • How Does AI Voice Cloning Enable Identity Theft?
    CrowdStrike's 2026 threat report confirms what security researchers have been dreading: AI-driven identity attacks have become faster, cheaper, and almost indistinguishable from reality. Criminals no longer need your password — they need three seconds of your voice. Here's what's actually happening