Thousands of Hapn Users Vulnerable After Data Breach

The GPS tracker manufacturer Hapn has suffered a data breach affecting thousands of its customers due to a vulnerability in one of its servers, according to a report by TechCrunch.

In November, a cybersecurity researcher discovered that Hapn’s server was exposing users’ names and the names of their workplaces. The breach impacts thousands of records, including device identifiers used for tracking purposes.

Hapn, formerly known as Spytec, specializes in developing and selling GPS trackers for monitoring the location of vehicles, equipment, and personal belongings. The company claims to have over 460,000 active devices in its system, with prominent Fortune 500 companies among its clientele. Spytec’s products are marketed as tools for safeguarding valuable possessions and ensuring the safety of loved ones.

The vulnerability allows authorized users to access sensitive data via browser developer tools. The exposed records include information about more than 8,600 devices, such as unique IMEI numbers of SIM cards, as well as the names and professional contact details of the owners. However, no data regarding the real-time locations of devices was included in the breach.

As of now, the leaked data remains accessible. Hapn has not responded to multiple inquiries from journalists. Requests directed to the company’s CEO have also gone unanswered, and the email address listed in its privacy policy was found to be inactive. Moreover, the company’s website lacks a dedicated section for reporting security vulnerabilities.

Some affected customers have verified their association with the leaked devices but declined to comment on their usage. One corporate client listed on Hapn’s website as a business partner was also identified among those whose GPS tracker information was exposed.

The researcher revealed that their interest in studying the trackers arose after noticing customer reviews describing the devices being used to track spouses. Indeed, numerous online reviews of Spytec products suggest such applications.

The leaked data includes records of thousands of devices linked to names but without additional details. It remains unclear whether the individuals being tracked are aware of the monitoring.