American service members around the world have potentially been violating operational security by using the popular fitness tracking application Strava during workouts. As a result of the run tracking software, maps of installations manned by forward deployed service members, as well as their frequently traveled routes, have surfaced online, potentially providing valuable intelligence to the enemy.

While there are a number of fitness tracking apps available for the smart phones that have become prevalent in recent years, Strava touts itself specifically as “the social network for athletes.” The application allows runners and cyclists to compete against others by posting maps of terrain covered along with a variety of statistics regarding the workout. In a best case scenario, this form of sharing data permits users to compare their workouts to others who have either covered the same terrain, or by comparing the pertinent details of workouts conducted in different places.

In a worst case scenario, however, Strava’s “heat mapping” offers up an easy to track read-out of installations, including supposedly clandestineclandestineclandestine ones, all around the world.

“This is literally what 10,000 innocent individual screw-ups look like,” Scott Lafoy, an open-source imagery analyst, said of the revelation. “A lot if it is going to be a good reminder to security services why you do opsec (operational security) and why you do manage this sort of thing, and everyone is going to really hope it doesn’t get a couple people killed in the meantime.”