A fitness app exposed sensitive location details for thousands of users including soldiers and secret agents

Using the Polar fitness app, investigators were able to find the homes of soldiers and secret agents. (Image: Shutterstock)
  • Polar’s fitness app had security flaws exposing the location data of its users, according to a joint investigation from De Correspondent and Bellingcat.
  • This included the location details of soldiers and secret agents.
  • Polar has since suspended its “explore” map and stated there was no data breach, as the data obtained was from public and not private profiles.
  • However, the investigation claims it was able to obtain details from private profiles as well as public ones.

A joint investigation from De Correspondent and Bellingcat has revealed that Finnish company Polar’s fitness app Polar Flow exposed the geolocation details of its users.

Polar produces fitness tracking watches and hardware, all of which connect to its app Polar Flow. According to the investigation, the app’s activity tracking map (named “Explore”) exposed the home addresses of thousands of users, including soldiers and secret agents. That’s partly because people often turn their fitness trackers on or off when they’re close to home, unwittingly revealing where they live.

The investigation zeroed in on two hundred sensitive locations and, using site scraping techniques, found 6,460 individuals across 69 nationalities. The two organisations found areas such as a military base, selected an exercise that had been published there, then simply looked at where that same user profile had been.

The investigation found the names and addresses of personnel from multiple intelligence agencies including the NSA, US Secret Services and MI6. Even sensitive personnel often used their real names, making them easy to identify.

Polar published a statement last Friday stating it had suspended its “Explore” map. “It is important to understand that Polar has not leaked any data, and there has been no breach of private data,” Polar said.

“Currently the vast majority of Polar customers maintain the default private profiles and private sessions data settings, and are not affected in any way by this case,” it said.

However, the investigation claims that, despite many users making their profiles private, it was able to find user details due to “an oversight in the Polar app.”

The investigation draws parallels with the Strava fitness app, which in January of this year was shown to reveal sensitive locations around the world.
