Technology

Thousands of GPS tracking customers have info leaked following data breach

December 19, 2024

A security researcher found Hapn website is spilling sensitive information
The data includes people’s names and business affiliation
No location data was leaked, but the company is remaining quiet for now

Hapn, a company that sells GPS tracking hardware and software, is reportedly spilling sensitive user information online.

In late November 2024, a security researcher reached out to TechCrunch, saying they observed a bug in Hapn’s website, which allows malicious actors to view the exposed data using the developer tools in the web browser.

The data being exposed apparently includes customer names, and the names of their workplace. It also includes data on more than 8,600 GPS trackers, and IMEI numbers for their SIM cards. Location data is not included, though. TechCrunch analyzed some of the data, and even reached out to a few people whose names were found in the leaked data, and confirmed the information is correct.

No response

Hapn is used by both commercial entities, and individuals, with the company advertising its tools as means of tracking valuables and loved ones, and claims there are more than 460,000 active devices, with customers reportedly including some Fortune 500 companies.

Tracking services are always a sensitive topic, whether they are hardware, or software-based, since in many instances, they are abused to spy on people and track their location without consent or knowledge.

Misconfigured databases, website bugs, and other errors, can happen to anyone. How the companies respond to being notified is what matters, and in this case, it seems that Hapn failed. TechCrunch says “several emails” to the CEO went unreturned, and some even bounced with an error message that the address is non-existent.

“The company does not have a web page or form for reporting security vulnerabilities,” the publication added.

We have reached out to Hapn anyway, and will update this article if we hear back from the company.

Edit, December 20 – We have heard back from Hapn CEO and co-founder, Joseph Besdin, who told us that the exposure was limited to historical data from April 2024, and that it only affected three customer accounts.

The issue has been fully resolved, he added.

“We take security extremely seriously and have already implemented additional safeguards. We’re in direct communication with the affected customers as well,” Besdin concluded.

Via TechCrunch

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar