Hapn, a GPS tracking company formerly known as Spytec, is under scrutiny after a website vulnerability exposed the personal information of thousands of its customers. The breach was discovered in late November 2024 when a security researcher notified TechCrunch about a flaw that allowed users to access sensitive data through the developer tools in their web browser. This data, which was stored on one of Hapn’s servers, includes names and business affiliations of individuals linked to over 8,600 GPS trackers. Although the exposed information does not include real-time location data, it does contain unique IMEI numbers for the devices, which can be used to identify them.
Hapn, which tracks over 460,000 devices, provides GPS trackers for personal use and corporate clients, including those in the Fortune 500. The company’s products are marketed for monitoring valuable assets and “loved ones.” However, the recent exposure of customer information raises serious concerns about privacy, especially since some individuals may be unaware that their location is being tracked. Notably, several reviews of Hapn’s GPS trackers mention using the devices to monitor spouses or partners, further highlighting the potential risks of misuse.
Despite multiple attempts to contact Hapn, the company has failed to respond to inquiries from TechCrunch. Emails sent to CEO Joe Besdin and the company’s privacy policy address have gone unanswered, with the latter returning a bounce error. At the time of writing, the exposed customer data remains accessible, and there is no form or process for reporting security vulnerabilities on the company’s website. This lack of response to the breach has raised concerns about Hapn’s commitment to addressing the issue and protecting its users’ privacy.
The security researcher, who initially investigated the GPS tracker after noticing suspicious reviews, highlighted that the exposure of customer records could lead to significant privacy violations. While the data leak does not include direct location data, the inclusion of personal information like names and workplace details increases the risk of targeted attacks or identity theft. As Hapn continues to face scrutiny, customers affected by the breach are urged to monitor their accounts and take steps to protect their personal information from potential exploitation.
Reference:
