Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Thousands of GPS tracking customers have info leaked following data breach

Map shown on smartphone.

  • A security researcher found Hapn website is spilling sensitive information
  • The data includes people's names and business affiliation
  • No location data was leaked, but the company is remaining quiet for now

Hapn, a company that sells GPS tracking hardware and software, is reportedly spilling sensitive user information online.

In late November 2024, a security researcher reached out to TechCrunch, saying they observed a bug in Hapn’s website, which allows malicious actors to view the exposed data using the developer tools in the web browser.

The data being exposed apparently includes customer names, and the names of their workplace. It also includes data on more than 8,600 GPS trackers, and IMEI numbers for their SIM cards. Location data is not included, though. TechCrunch analyzed some of the data, and even reached out to a few people whose names were found in the leaked data, and confirmed the information is correct.

No response

Hapn is used by both commercial entities, and individuals, with the company advertising its tools as means of tracking valuables and loved ones, and claims there are more than 460,000 active devices, with customers reportedly including some Fortune 500 companies.

Tracking services are always a sensitive topic, whether they are hardware, or software-based, since in many instances, they are abused to spy on people and track their location without consent or knowledge.

Misconfigured databases, website bugs, and other errors, can happen to anyone. How the companies respond to being notified is what matters, and in this case, it seems that Hapn failed. TechCrunch says “several emails” to the CEO went unreturned, and some even bounced with an error message that the address is non-existent.

“The company does not have a web page or form for reporting security vulnerabilities,” the publication added.

We have reached out to Hapn anyway, and will update this article if we hear back from the company.

Edit, December 20 - We have heard back from Hapn CEO and co-founder, Joseph Besdin, who told us that the exposure was limited to historical data from April 2024, and that it only affected three customer accounts.

The issue has been fully resolved, he added.

"We take security extremely seriously and have already implemented additional safeguards. We're in direct communication with the affected customers as well," Besdin concluded.

Via TechCrunch

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.