In a concerning revelation, TechCrunch has learned that GPS tracking firm Hapn exposed the names of thousands of its customers due to a website bug. The security researcher who alerted TechCrunch to this issue in late November revealed that customer names and affiliations, such as their workplace, were spilling from one of Hapn’s servers.
About Hapn
Hapn, formerly known as Spytec, is a tracking company that allows users to remotely monitor the real-time location of internet-enabled tracking devices. These devices can be attached to vehicles or other equipment and are also sold to consumers under the Spytec brand, relying on the Hapn app for tracking.
What Was Exposed
The bug allowed anyone to log in with a Hapn account to view the exposed data using the developer tools in their web browser. The exposed data contained information on more than 8,600 GPS trackers, including the IMEI numbers for the SIM cards in each tracker. These numbers uniquely identify each device.
What Happened
The exposed data did not include location data, but thousands of records contained the names and business affiliations of customers who own or are tracked by the GPS trackers. Hapn’s website claims to track more than 460,000 devices and counts customers within the Fortune 500.
How Did It Happen?
A security researcher alerted TechCrunch in late November to the customer names and affiliations spilling from one of Hapn’s servers. The researcher began looking into the GPS tracker after finding that customers had left online reviews for the devices recommending them for monitoring a person’s spouse or partner.
What Did Hapn Say?
Hapn CEO Joe Besdin responded to multiple emails from TechCrunch but did not return several emails prior to publication. A message sent to an email address listed on the company’s privacy policy returned with a bounce error, saying that the email address does not exist.
Post-Publication Response from Hapn
After TechCrunch published its story, Hapn CEO Joe Besdin provided an email stating that the company had no knowledge of the exposure prior to publication. He claimed that the data was limited to three customer accounts, each with a large number of trackers.
What Did TechCrunch Find?
When we contacted individuals whose names and affiliations were listed in the exposed data, several people confirmed their names and workplaces but declined to discuss their use of the GPS tracker. One company listed on Hapn’s website as a corporate customer had several trackers listed in the exposed data.
What Does This Mean?
The security researcher who alerted TechCrunch to this issue said that they began looking into the GPS tracker after finding that customers had left online reviews for the devices recommending them for monitoring a person’s spouse or partner. The list of exposed customer records also showed thousands of trackers with associated names but no other discernible affiliation.
Conclusion
Hapn’s exposure of thousands of customer names due to a website bug raises serious concerns about data security and customer privacy. As TechCrunch has reported, the company’s CEO, Joe Besdin, claimed that the data was limited to three customer accounts, each with a large number of trackers.
Related Topics
- Cybersecurity: The exposure of thousands of customer names due to a website bug highlights the importance of robust security measures in protecting sensitive customer information.
- Data Breach: This incident serves as a reminder that even well-established companies like Hapn can experience data breaches, underscoring the need for vigilance and proactive security measures.
- Location Tracking: The use of GPS tracking devices raises questions about customer consent and transparency in location tracking.
Recommendations
- Implement Robust Security Measures: Companies handling sensitive customer information must invest in robust security measures to prevent data breaches and protect customer privacy.
- Prioritize Transparency and Consent: Customers have the right to know how their personal data is being used, especially when it comes to location tracking. Companies must prioritize transparency and obtain explicit consent from customers before collecting or using their location data.
What’s Next?
As this incident continues to unfold, TechCrunch will monitor Hapn’s response and actions taken to address the exposure of customer names due to a website bug. We will also continue to report on related topics, including cybersecurity, data breaches, and location tracking.
Additional Resources
- Hapn’s Response to Data Breach
- Cybersecurity Best Practices for Companies
- Data Protection Laws and Regulations
About the Author
[Your Name] is a journalist with TechCrunch, covering topics related to technology, security, and data protection.
