The French armed forces are facing a major security breach after movements of more than 18,000 personnel were exposed through the popular fitness app Strava, revealing activity linked to sensitive bases, deployments, and military operations.
An investigation by Le Monde identified 18,599 users active across around 100 military sites in France and abroad, before tracking their activity over a two-year period. The data exposed locations such as the Île Longue—home to France’s nuclear ballistic missile submarines—and movements linked to the Charles de Gaulle.
In one case, a naval officer aboard the carrier revealed its position in the eastern Mediterranean on March 13 by logging a 4.3-mile run on deck. Public Strava data allowed observers to pinpoint the vessel in near real time, with satellite imagery confirming its location. While the deployment itself was not classified, the incident shows how routine fitness tracking can expose operational details.
The investigation also identified French personnel operating in sensitive regions, including in Jordan as part of Operation Chammal targeting the Islamic State. Activity logs further revealed the movements of security personnel assigned to protect French, American, and Russian political leaders, in some cases allowing their movements to be anticipated.
Despite repeated warnings, only around 7% of the identified profiles were set to private after a year of monitoring, leaving the vast majority publicly accessible. The scale of the findings suggests the issue is not limited to isolated mistakes but reflects a broader, systemic security vulnerability within the French armed forces.
