Thousands of GPS tracking customers have info leaked following data breach

Map shown on smartphone
(Image credit: Shutterstock)

  • A security researcher found Hapn website is spilling sensitive information
  • The data includes people's names and business affiliation
  • No location data was leaked, but the company is remaining quiet for now

Hapn, a company that sells GPS tracking hardware and software, is reportedly spilling sensitive user information online, and is not responding to researcher alerts or media inquiries, experts have claimed.

In late November 2024, a security researcher reached out to TechCrunch, saying they observed a bug in Hapn’s website, which allows malicious actors to view the exposed data using the developer tools in the web browser.

The data being exposed apparently includes customer names, and the names of their workplace. It also includes data on more than 8,600 GPS trackers, and IMEI numbers for their SIM cards. Location data is not included, though. TechCrunch analyzed some of the data, and even reached out to a few people whose names were found in the leaked data, and confirmed the information is correct.

No response

Hapn is used by both commercial entities, and individuals, with the company advertising its tools as means of tracking valuables and loved ones, and claims there are more than 460,000 active devices, with customers reportedly including some Fortune 500 companies.

Tracking services are always a sensitive topic, whether they are hardware, or software-based, since in many instances, they are abused to spy on people and track their location without consent or knowledge.

Misconfigured databases, website bugs, and other errors, can happen to anyone. How the companies respond to being notified is what matters, and in this case, it seems that Hapn failed. TechCrunch says “several emails” to the CEO went unreturned, and some even bounced with an error message that the address is non-existent.

“The company does not have a web page or form for reporting security vulnerabilities,” the publication added.

We have reached out to Hapn anyway, and will update this article if we hear back from the company.

Via TechCrunch

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.