IT manager has his bikes stolen after cycling app reveals his home address

Hopefully by now, many of us have woken up to the danger of revealing too much personal information on social networks.

There have been so many news stories about Facebook status updates leading to robbery, or the foolhardiness of tweeting from the airport lounge that you’re going to be sunning yourself in Barbados for the next two weeks.

In a nutshell, if you’re not happy broadcasting something through a loud speaker in the middle of a city centre, you probably shouldn’t be posting for all and sundry to read on a social network either.

But have you ever considered that the risks extend beyond the well-known social networks, and can even include apps that you might at first not consider a potential risk.

British IT manager Mark Leigh is rueing the day that he was careless about information he shared without thinking via a smartphone app because – he believes – it ended up with him having two bikes stolen from his garage.

As the Manchester Evening News reports, 54-year-old Leigh is a keen cyclist, and uses the Strava app designed to track bike riders and runners via GPS, allowing them to share routes and compare times.

Strava app

It’s understandable that cycling enthusiasts would want to share their routes and times to compete with each other. But there is often personal information held in those routes. For instance, it’s no surprise to find that many routes would reveal where an individual’s home is.

And that, sadly, is where Mark Leigh appears to have come a cropper.

“I’d come back from a ride around the Saddleworth hills, which I tracked on Strava.”

“I locked my bike in the garage next to another one. The following morning my garage had been cleverly broken into and they were gone. My garage is not highly visible. I live on a narrow cul-de-sac – the only explanation I can think of is Strava, as my route ended at my home address.”

“They broke the garage door. They took the bikes and nothing else. There was lots of other stuff they could have taken too – tools, valuables – but they left them. This was not random.”

To its credit, Strava is aware of the potential privacy issues of sharing routes, and the site allows you to create a privacy zone that will not be shared with others.

The idea is that you can hide your office or home on your activity maps, creating a privacy zone of 500m – 1km radius that will disguise where you work or live.

Strava privacy zone

An additional enhanced privacy mode helps you control what other athletes can follow your profile, and hide details of your activity, equipment and so forth from non-followers, as the Strava app’s website explains:

“Strava allows you to make any individual activity private. You can also create a privacy zone perimeter around any address like your home, office, or any place you tend to start activities from that you’d like to keep private. You can make your profile viewable only by signed in Strava members, and abbreviate your last name for more anonymity. In addition, you can require approval before allowing someone to follow you.”

More details of Strava’s privacy settings can be found on its website.

Sadly Mark Leigh says he wasn’t aware of the privacy settings, but is encouraging other cyclists to ensure that they have configured their version of the Strava app correctly:

“I was not aware of security settings. The other option is to start your route a couple of hundred yards from your house so you aren’t advertising where you are. People want to build up as many miles as possible, but you need to be safe. Strava is a great tool, but be mindful of the security protection in the app and be careful about publishing things publicly.”

It may sound like we’re recycling old advice, but it’s just as pertinent with apps like Strava as it is with Facebook, Twitter or your online dating profile. Make use of the privacy features made available to you.

Remember, it’s not always your identity or credit card details that the criminals are interested in stealing – it could be your personal property.

Author Graham Cluley, We Live Security

Follow us

Copyright © 2017 ESET, All Rights Reserved.