The map shows the popularity of running, cycling and swimming routes completed by people either using the app or importing data from third-party devices. It allows users to count how much exercise they've done and share it with others, a fairly innocuous use and a common one with fitness trackers.
On the weekend, 20-year-old Australian university student Nathan Ruser noticed the map showed the locations and running routines of military personnel at bases in the Middle East and other conflict zones. This has raised security concerns about personnel at United States military bases around the world. But experts and keen observers have recently realized its potential to reveal location patterns of security forces working out at military bases in remote locations.
As Ruser points out, personnel who wish to track their activities but keep them private could have changed their privacy and data sharing settings on Strava, but evidently have not done so.
He also pointed on Twitter that it was possible to locate jogging routes for soldiers, who had the app on for tracking during these activities, which is risky.
But with some analysis, the data could also provide the enemy combatants and terrorists with the intel they need to identify patrol roots, military activity, and potentially locate secret military sites.
"Once you can identify individuals the data becomes a lot more valuable", said Tobias Schneider, a Berlin-based security analyst who has identified the names of 573 people who jog every morning around the parking lot of the headquarters of British intelligence, making it highly likely they work for the agency.
Some parts of the USA and Europe blazed bright with the activity of millions of people using fitness devices, while conflict zones in places like Iraq and Syria showed only the slightest, scattered sparks of activity.
Writing in The Daily Beast, analyst Jeffery Lewis argued the data could be a target for hackers because "Strava knows which user made each track".
"This incident serves to highlight a distinct lack of operational security employed by various government organisations around the world", said Tom Bonner, senior manager of threat research EMEA at cyber security firm Cylance.