A fitness app might have been responsible for exposing the identities of numerous British Special Air Service (SAS) operators.

According to Nick Waters, a former British Army officer and open source analyst with Bellingcat, the fitness app Strava can be manipulated into revealing the identities of Special Operations personnel.

Waters identified the security lapse during an experiment. The former infantry officer described how he managed to find out the identities. “I made up my own training session,” he said. “And convinced Strava that I had run a certain distance in a certain time inside the base [he was referring to the Hereford base where the Special Air Service is headquartered]. The app then started giving me the names and Facebook profiles of people who had actually run the same route. I started freaking out a bit because I knew this was the kind of information, I probably shouldn’t have access to. So I turned it off. It shows how social media is an incredibly powerful monitoring tool and it can be used by anyone to access personal information.”

Although Personal Security (PERSEC) concerns are often exaggerated — even in most Special Operations units — operators who are serving at the tip of the spear, that is Tier 1 units such as the SAS, Delta Force, SEAL Team 6, are considered a national level asset and thus their identities must remain secret.