TechCrunch has learned that a security researcher has uncovered a major breach involving thousands of customer names and affiliations from Hapn, a GPS tracking firm. The bug occurred due to a website vulnerability that exposed sensitive data from one of Hapn’s servers.
What is Hapn?
Hapn, formerly known as Spytec, is a global leader in location tracking technology. The company allows users to remotely monitor the real-time location of internet-enabled devices such as GPS trackers attached to vehicles or equipment. Hapn also sells GPS devices under its Spytec brand for tracking valuable possessions and ‘loved ones.’
How Did the Breach Occur?
The security incident was reported by a researcher in late November. The bug allowed unauthorized access to customer data, including names, affiliations, and IMEI numbers of their tracked devices. TechCrunch has confirmed that the exposure occurred due to vulnerabilities in Hapn’s website.
Exposed Data
The breach exposed information on over 8,600 GPS trackers. The data included unique identifiers like IMEI numbers for SIM cards, which are essential for tracking device locations. However, location data was not part of the exposed records.
Affected Customers
Thousands of customers had their names and business affiliations exposed in the breach. These individuals were either owners or users of Hapn’s GPS devices. TechCrunch has access to evidence showing that some corporate clients also had their tracker data compromised.
Hapn’s Response
Hapn acknowledged the security incident but stated there was no prior knowledge of the exposure at the time of publication. The company claimed responsibility for limited affected records, each containing data from multiple devices.
Implications of the Breach
The exposure poses a significant risk to privacy and security. Thousands of individuals may have had sensitive information accessed without their knowledge or consent. This incident underscores the importance of robust cybersecurity measures in protecting customer data.
Conclusion
Hapn’s GPS tracking firm has suffered a major blow following a website vulnerability that exposed personal details of thousands of customers. The incident highlights the need for vigilance in safeguarding sensitive data and emphasizes the critical role of cybersecurity in protecting individual privacy.
