The loophole made it possible to scrape up the identities of roughly 100 people at six sites, underscoring the problem posed by the ever-widening number of apps built on location data.