Topics
Latest
AI
Amazon
Image Credits:Bryce Durbin / TechCrunch
Apps
Biotech & Health
mood
Image Credits:Bryce Durbin / TechCrunch
Cloud Computing
Commerce
Crypto
endeavour
EVs
Fintech
Fundraising
Gadgets
Gaming
Government & Policy
Hardware
layoff
Media & Entertainment
Meta
Microsoft
privateness
Robotics
surety
Social
Space
inauguration
TikTok
Transportation
speculation
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
GPS tracking firm Hapn unwrap the names of 1000 of its customer due to a website hemipteron , TechCrunch has get a line .
A security researcher alerted TechCrunch in former November to customer names and tie — such as the name of their workplace — spilling from one of Hapn ’s server , which TechCrunch has see .
Hapn , formerly known as Spytec , is a tracking company that allows user to remotely monitor the real - time location of internet - enable tracking machine , which can be attached to vehicles or other equipment . The company alsosells GPS trackers to consumers under its Spytec brand , which trust on the Hapn app for tracking . Spytec touts its GPS gimmick for tracking the localisation of valuable ownership and “ loved ones . ” According to its website , Hapn claims to traverse more than 460,000 gimmick and number customers within the Fortune 500 .
The germ earmark anyone to lumber in with a Hapn account to view the scupper data using the developer putz in their web web browser .
The exposed data contained information on more than 8,600 GPS trackers , including the IMEI numbers for the SIM cards in each tracker , which uniquely discover each gimmick . The expose data did not admit location data , but thousands of record contained the name and occupation affiliations of client who own , or are tracked by , the GPS trackers .
Hapn did respond to multiple e-mail from TechCrunch . Several electronic mail to Hapn CEO Joe Besdin start unreturned prior to publishing . A substance send to an email destination list on the company ’s concealment policy returned with a bounce mistake , saying that the email savoir-faire does not exist . The party does not have a web page or form for reporting protection vulnerability .
In an email allow for to TechCrunch after issue , Hapn CEO Joe Besdin said that the ship’s company had no knowledge of the exposure prior to publication and that the data was confine to three customer accounts , each with a large number of tracker . Besdin say the exposed records concerned datum from April 2024 .
Besdin said the security effect is resolved .
When we touch individuals whose names and tie-up were listed in the exposed data , several people confirmed their names and workplaces but declined to discuss their purpose of the GPS tracker . One company list on Hapn ’s website as a embodied customer had several trackers listed in the exposed data , TechCrunch has experience .
The security researcher allege they began looking into the GPS tracker after finding that customers had left online reviews for the devices recommending the tracker for monitoring a person ’s spouse or partner . ( TechCrunch has seen dozens of reviews on Spytec ’s online stores from customer who exact to have used the GPS gimmick to track their spouses . )
The list of exposed customer records also showed one thousand of trackers with associated name but no other discernible association . It ’s not known if the individuals are cognisant of having been tracked .
Updated with post - publication comment from Hapn .
