The company had no knowledge of the exposure prior to publication.
The names of thousands of users of the GPS tracking firm Hapn were exposed due to a website bug.
A security researcher alerted TechCrunch in late November to customer names and affiliations.
The bug allowed anyone to log in with a Hapn account to view the exposed data using the developer tools in their web browser.
Hapn CEO Joe Besdin said that the company had no knowledge of the exposure prior to publication, and that the data was limited to three customer accounts, each with a large number of trackers. Besdin said the exposed records concerned data from April 2024, and the issue is resolved.
The exposed data contained information on more than 8,600 GPS trackers, including the IMEI numbers for the SIM cards in each tracker, which uniquely identify each device.
The exposed data did not include location data, but thousands of records contained the names and business affiliations of customers who own, or are tracked by, the GPS trackers.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.