GPS tracking company Hapn, formerly known as Spytec, has been found to inadvertently expose the identities of thousands of its customers due to a website vulnerability, according to a recent investigation.
A security researcher reported that the data leakage originates from one of Hapn’s servers. The exposed data includes customer names and their affiliations, such as workplace details, accessible to anyone logged into a Hapn account via developer tools in their web browser.
The leaked data's authenticity was reviewed and confirmed by TechCrunch, and several individuals listed in the leaked data confirmed their names and workplace affiliations.
Hapn, which provides real-time GPS tracking solutions for vehicles, equipment, and valuable possessions, reportedly tracks over 460,000 devices and counts Fortune 500 companies among its clientele.
However, this serious flaw exposes sensitive information linked to more than 8,600 GPS trackers, including IMEI numbers – unique identifiers for the SIM cards used by each device. Notably, while location data is not part of the breach, countless records reveal customer names and organizational affiliations.
The exposed database also includes records of individuals who may be unaware that they are being tracked by these devices. The uncovered issue raises significant concerns about user privacy and the company’s failure to secure customer information.
The security researcher who discovered the vulnerability initially looked into these trackers after noting customer reviews online, many of which mentioned using the devices to monitor spouses or partners.
TechCrunch has confirmed the existence of such reviews across Spytec’s online stores. This raises ethical questions about the misuse of surveillance technology, as well as the potential lack of transparency among users being tracked.
The exposed information also includes numerous businesses listed as Hapn's corporate clients, one of which was shown to have multiple trackers in operation.
Recently, a Byte Federal data breach may have exposed 58,000 Bitcoin ATM users' images and transaction activity, also impacting SSNs, email addresses, phone numbers, dates of birth, and IDs.