Fitness App Polar Flow
The popular fitness app "Polar Flow" has accidentally exposed the location of millions of users, including personnel working for intelligence services and at military bases. By simply modifying the browser's web address or abusing the API, an individual could find the names of users who track, or who have tracked, their fitness with Polar Flow, going back to 2014. Additionally, abusing the app's API revealed information on over 64,000 users whose accounts were set to private, many of whom used the app at sensitive locations around the world including the NSA, White House, MI6, and nuclear storage facilities. Since the release of this information, Polar has temporarily suspended the Explore API.