A big oversight on the part of both military officials and fitness app developer Strava seems to have resulted in a major leak of sensitive movements data about military personnel from around the globe. For those who may not already be aware, Strava is a company responsible for providing GPS-based fitness services and connectivity for various wearables users, with its flagship product being an Android and iOS app called Strava Running and Cycling GPS. For Strava, its part in the leak in question appears to have come about as a result of self-advertising. The company released an interactive heat map back in November that showed off a compilation of its users and their movements, which were recorded between some time in 2015 and September of last year.
The breach was not initially reported on because it presumably hadn't been noticed until one Nathan Ruser stumbled on the interactive map while studying international security. When Ruser – and eventually others – began looking at known military bases on Strava's map, they noticed that the data effectively showed patrol routes, jogging or running routes, and other daily activities of military personnel. The activity showed as a movement of lights and lines, with heavy traffic areas being more densely populated than others. Of course, that data would not have given specifics about times of day when the activity occurred, but it could feasibly still give insights into the patterns of daily life on various military bases. That is especially true since it would be much more difficult to track the movements of a specific group within tech-saturated cities, while doing so would be relatively easy in low-density areas where military bases tend to be located.
Meanwhile, Strava's own terms and conditions, as well as earlier statements from the company, clearly relate that it is up to the user to control the tracking of their activities. The company has, nonetheless, released a statement in which it has committed itself to helping the militaries in question to address potential problems. However, the militaries themselves – with reports of a breach coming in from Russian, British, and U.S. bases – also appear to have either not enforced policies or had weak policies in place, to begin with, with regard to the use of fitness trackers. In fact, the use of such wearables is actively encouraged by officials at the Pentagon since at least 2013 as a way to combat obesity and other health problems among personnel. With that said, military officials are now said to be working to rewrite and enforce policies about wearables and fitness trackers in a bid to prevent this kind of breach from happening again.