Tracker Firm Hapn Spilling Names of Thousands of GPS Tracking Customers

An anonymous reader quotes a report from TechCrunch: GPS tracking firm Hapn is exposing the names of thousands of its customers due to a website bug, TechCrunch has learned. A security researcher alerted TechCrunch in late November to customer names and affiliations -- such as the name of their workplace -- spilling from one of Hapn's servers, which TechCrunch has seen.

Hapn, formerly known as Spytec, is a tracking company that allows users to remotely monitor the real-time location of internet-enabled tracking devices, which can be attached to vehicles or other equipment. The company also sells GPS trackers to consumers under its Spytec brand, which rely on the Hapn app for tracking. Spytec touts its GPS devices for tracking the locations of valuable possessions and 'loved ones.' According to its website, Hapn claims to track more than 460,000 devices and counts customers within the Fortune 500.

The bug allows anyone to log in with a Hapn account to view the exposed data using the developer tools in their web browser. The exposed data contains information on more than 8,600 GPS trackers, including the IMEI numbers for the SIM cards in each tracker, which uniquely identify each device. The exposed data does not include location data, but thousands of records contain the names and business affiliations of customers who own, or are tracked by, the GPS trackers.

Read more of this story at Slashdot.