The company had no knowledge of the exposure prior to publication.
The names of thousands of users of the GPS tracking firm Hapn were exposed due to a website bug.
A security researcher alerted TechCrunch in late November to customer names and affiliations.
The bug allowed anyone to log in with a Hapn account to view the exposed data using the developer tools in their web browser.
Hapn CEO Joe Besdin said that the company had no knowledge of the exposure prior to publication, and that the data was limited to three customer accounts, each with a large number of trackers. Besdin said the exposed records concerned data from April 2024, and the issue is resolved.
The exposed data contained information on more than 8,600 GPS trackers, including the IMEI numbers for the SIM cards in each tracker, which uniquely identify each device.
The exposed data did not include location data, but thousands of records contained the names and business affiliations of customers who own, or are tracked by, the GPS trackers.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
