- A security researcher has discovered that the Hapn website is leaking sensitive information
- The data includes people's names and company affiliations
- No location data has been leaked, but the company is remaining silent for now
Hapn, a company that sells GPS tracking hardware and software, is reportedly leaking sensitive user information online and failing to respond to warnings from researchers or media inquiries, experts claim.
In late November 2024, a security researcher contacted TechCrunch and told them that a flaw had been discovered on Hapn's website that allowed malicious actors to view the exposed data in the web browser using the developer tools.
The data disclosed apparently includes customer names and the names of their workplaces. It also contains data on more than 8,600 GPS trackers and IMEI numbers for their SIM cards. However, location data is not included. TechCrunch analyzed some of the data and even contacted some people whose names were found in the leaked data and confirmed that the information is accurate.
No answer
Hapn is used by both commercial companies and private individuals. The company promotes its tools as a means of tracking valuables and loved ones and says there are more than 460,000 active devices, with customers reportedly including some Fortune 500 companies.
Location services are always a sensitive issue, whether they are hardware or software based, as in many cases they are abused to spy on people and track their location without consent or knowledge.
Misconfigured databases, website bugs, and other errors can happen to anyone. What matters is how companies respond once they are notified, and in this case Hapn appears to have failed. TechCrunch says that “several emails” to the CEO went unanswered, and some even came back with an error message saying that the address did not exist.
“The company does not have a website or vulnerability reporting form,” the report continued.
We've reached out to Hapn anyway and will update this article as soon as we hear back from the company.
Via TechCrunch