According to Graham Cluley, a senior technology consultant at security firm Sophos, Trapster has emailed its users warning them of a “security incident” involving email addresses and passwords, but the advisory offers up no further details of how or when the incident arose.
“This was single event”, Trapster said in the advisory. “We understand how it occurred, and have taken steps to prevent it from happening again.”
The Trapster app is available on most popular mobile platforms, including the iPhone iOS, Google Android, and BlackBerry, in addition to some GPS devices.
Trapster sent users the email notification with a web link to a FAQ page, but Infosecurity was unable to locate a link to this information from the primary Trapster website.
The only clue into the method of the alleged hack came on the FAQ page created by Trapster. “We have already rewritten the software code to help prevent this type of attack from happening again”, it noted, adding that the service is in the process of supplementing its security measures.
The mobile service did advise users to assume their data was compromised and go about resetting their account password as soon as possible.
“Now, you may not care very much if your credentials on Trapster have been compromised and may think that not too much harm can come from that”, said Cluley, who then offered some additional food for thought in his blog post: “But what if you use the same email address/password combination on [an]other website such as your Twitter account, or web email address?”
Trapster did not return a request for comment on the timing or nature of the suspected hacking incident.