The Finnish-based fitness tracking app Polar has disabled its global activity map feature after last week when it was learned that a simple click was all that was required to track down the real-world identities of military and intelligence personnel.

Polar Flow, one of Polar’s apps, was allowing anyone to access a feature called Explore, which is a basic activity map. The data that is readily available on this feature included a user’s past activity, such as running or biking routes, but also the user’s personal details such as heart rate, physical attributes, and more personal data.

While other fitness apps have released similar activities in the past, for example, showing popular running, hiking, or biking paths, the Polar app exposed the username and personal details of each user for each individual’s activity.

This is the second incident in a few months, in January experts discovered that military worldwide have publicly shared online their exercise routes recorded through the fitness tracker Strava revealing the fitness sessions conducted inside or near military bases.

During the weekend, Dutch security experts revealed they were able to find data on some 6,000 individuals including military personnel from dozens of countries and FBI and National Security Agency personnel.

According to an investigation by the news website Bellingcat and the Dutch news agency De Correspondent, the fitness devices were leaking data belonging to the military or intelligence officials who could be exploited by a threat actors to spy on them.

US Military Reviewing Rules for Fitness Trackers After Data Exposed

Read Next: US Military Reviewing Rules for Fitness Trackers After Data Exposed

“With only a few clicks, a high-ranking officer of an airbase known to host nuclear weapons can be found jogging across the compound in the morning,” explained the security researcher Foeke Postma that investigated the case with the Dutch news outlet De Correspondent.

“We can find Western military personnel in Afghanistan through the Polar site. Cross-checking one name and profile picture with social media confirmed one soldier or officer’s identity.”

While only two percent of the Polar users chose to share their data, experts were quickly able to retrieve the names and addresses of military and intelligence personnel. Including the names and addresses of personnel at military bases including Guantanamo Bay, Cuba, Arbil, Iraq, Gao, Mali, and bases in Afghanistan, Saudi Arabia, Qatar, Chad, and South Korea,

To read the entire article from Security Affairs, click here:

Photo courtesy Wikipedia