Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Privacy

Tracker Firm Hapn Spilling Names of Thousands of GPS Tracking Customers (techcrunch.com) 14

An anonymous reader quotes a report from TechCrunch: GPS tracking firm Hapn is exposing the names of thousands of its customers due to a website bug, TechCrunch has learned. A security researcher alerted TechCrunch in late November to customer names and affiliations -- such as the name of their workplace -- spilling from one of Hapn's servers, which TechCrunch has seen.

Hapn, formerly known as Spytec, is a tracking company that allows users to remotely monitor the real-time location of internet-enabled tracking devices, which can be attached to vehicles or other equipment. The company also sells GPS trackers to consumers under its Spytec brand, which rely on the Hapn app for tracking. Spytec touts its GPS devices for tracking the locations of valuable possessions and "loved ones." According to its website, Hapn claims to track more than 460,000 devices and counts customers within the Fortune 500.

The bug allows anyone to log in with a Hapn account to view the exposed data using the developer tools in their web browser. The exposed data contains information on more than 8,600 GPS trackers, including the IMEI numbers for the SIM cards in each tracker, which uniquely identify each device. The exposed data does not include location data, but thousands of records contain the names and business affiliations of customers who own, or are tracked by, the GPS trackers.

Tracker Firm Hapn Spilling Names of Thousands of GPS Tracking Customers

Comments Filter:
  • ..."WTF is hapn?"

  • by Baron_Yam ( 643147 ) on Wednesday December 18, 2024 @05:36PM (#65023451)

    "I will only buy devices that can be configured to work without relying on a connection to someone else's servers"

    • ... configured to work ...

      **** Whoosh ****
      Why is this ignorance getting up-votes?

      This isn't about that. This is businesses wanting to know where their trucks and trailers are.

      • ... configured to work ...

        **** Whoosh **** Why is this ignorance getting up-votes?

        This isn't about that. This is businesses wanting to know where their trucks and trailers are.

        **** Whoosh **** From TFS: The company also sells GPS trackers to consumers under its Spytec brand, which rely on the Hapn app for tracking. Spytec touts its GPS devices for tracking the locations of valuable possessions and "loved ones. "

        "Ignorance"? Or did you just not read the summary?

        • And either way... it doesn't take much to host your own GIS server and have your GPS units send data to it. I've actually written systems to do that from the ground up, solo.

          Going through a central server is just asking to have someone else know more about your fleet than you do.

        • ... and "loved ones."

          I suspect that "loved ones" will function normally when the spyware server is switched-off.

    • ... to someone else's servers"

      So, you don't have a phone? And you certainly didn't activate/install anti-theft software on your phone, right?

      Having a GPS tracker report directly to your phone/laptop has 2 problems:
      1. DHCP means the device can change IP address, unless you buy a fixed ISP-side address. (The DHCP on my house LAN changes addresses about every 6 months.)
      2. Your own device must always be powered-on and connected to the internet to receive the tracking pings and build a travel history.

  • by Rinnon ( 1474161 ) on Wednesday December 18, 2024 @05:50PM (#65023489)

    Spytec touts its GPS devices for tracking the locations of valuable possessions and "loved ones."

    I get the distinct impression that the feeling need not be mutual.

  • The trackers can be tracked. Cool.

  • This bullshit is never going to stop until there are severe civil (and sometimes criminal) penalties for it. When some garbage like Equifax gets hacked, they need to be liable. When some healthcare organization exposes medical records because they store them plaintext on a shared Windows drive someone needs to go to jail.
  • by guygo ( 894298 )

    now THAT's Instant Karma!

How many hardware guys does it take to change a light bulb? "Well the diagnostics say it's fine buddy, so it's a software problem."

Working...