- A security researcher discovered that the Hapn website is disclosing sensitive information
- The data includes people’s names and business affiliation.
- No location data was leaked, but the company remains silent for now.
According to experts, Hapn, a company that sells GPS tracking hardware and software, is exposing sensitive user information online and is not responding to researchers’ alerts or media inquiries.
In late November 2024, a security researcher contacted TechCrunch, saying that they had observed a bug on the Hapn website that allows malicious actors to view exposed data using the developer tools in the web browser.
The exposed data apparently includes the names of clients and the names of their workplaces. It also includes data from more than 8,600 GPS trackers and IMEI numbers of their SIM cards. However, location data is not included. TechCrunch analyzed some of the data, contacted some of the people whose names were found in it, and confirmed that the information is correct.
Unanswered
Hapn is used by both commercial entities and individuals. The company advertises its tools as a means to track valuables and loved ones, and claims that there are more than 460,000 active devices and that its customers include some Fortune 500 companies.
Tracking services are always a sensitive topic, whether they are hardware- or software-based, as in many cases they are abused to spy on people and track their location without consent or knowledge.
Any company can have misconfigured databases, website bugs, and other errors. What matters is how companies respond to being notified, and in this case, it appears that Hapn failed. TechCrunch says that “several emails” to the CEO went unanswered, and some even bounced back with an error message stating that the address does not exist.
“The company does not have a website or a form to report security vulnerabilities,” the publication adds.
We’ve reached out to Hapn anyway and will update this article if we hear back from the company.
Via TechCrunch