The firm added that it had been aware that the potential existed for sensitive location data to appear in public information, saying that it had chose to temporarily suspend the Explore API, which allows users to share information about training sessions.
The Institute for United Conflict Analysts (IUCA) founding member Nathan Ruser discovered that the interactive map could be used for intelligence gathering, highlighting the location of military facilities - many supposedly secret.
We can find Western military personnel in Afghanistan through the Polar site.
By showing all the sessions of an individual combined onto a single map, Polar is not only revealing the heart rates, routes, dates, time, duration, and pace of exercises carried out by individuals at military sites, but also revealing the same information from what are likely their homes as well. The two organizations found areas such as a military base, selected an exercise that had been published there, then simply looked at where that same user profile had been. Postma does mention that since Bellingcat's investigation into the matter, Polar has temporarily suspended its Explore feature and is now problem-solving to come up with ways to combat these security issues.
"With only a few clicks, a high-ranking officer of an airbase known to host nuclear weapons can be found jogging across the compound in the morning", security researcher Foeke Postma said in a blog post Sunday after an investigation with the Dutch news organization De Correspondent. I also suggest not connecting your fitness tracker to any of your social media accounts on sites like Facebook and Twitter - as we know, those can also already collect a whole mess of data on their own.
Polar has become the latest fitness tracker to be accused of spilling identifying user data to all and sundry.
While noting that users have always had the option of making their profiles private, Polar responded to the report by shutting Explore. And you can see where those runs start and stop. On Friday, the company issued a statement in which it said that it did not leak users' private information and that there had been no data breach affecting private data.
That's not all; Polar also lets you view the entire exercise history of a user since 2014.