Posted on 06/21/22
| News Source: i24
A fake user took advantage of the glitch
Nearly 100 Israeli army officers and defense officials had their personal details revealed in a security breach in the Strava exercise app, which also disclosed locations of secret army bases.
The breach was discovered by the Israeli open source investigative group FakeReporter and was reported to the country’s government, according to Haaretz.
Compromised data included names, photos and movements of the officers who used a popular running and hiking app, as well as locations of sensitive military sites in Israel, such as Mossad headquarters, secret army, air force and intelligence bases.
The disinformation watchdog, that received a tip on a loophole in Strava's privacy settings, revealed that a fake user took advantage of the breach by disclosing identities of soldiers who run near sensitive military locations and creating a database of army sites. The user called Ez Shl was later removed after FakeReporter informed Strava and Israeli authorities.
“We take matters of privacy very seriously and have addressed the reported issues,” Strava was quoted as responding to the security breach.