Officers and crew on a French nuclear submarine inadvertently exposed their whereabouts and operational schedule by recording their physical activities using a fitness app. The Strava app, widely utilized for tracking fitness accomplishments, inadvertently became a security liability when it mapped the locations and times of workouts completed by the submarine’s personnel.
This breach occurred at the Ile Longue base in Brest Harbour, within France’s Finistere region, a critical site housing four nuclear submarines—each armed with 16 nuclear missiles possessing explosive capacities many times greater than those dropped on Hiroshima and Nagasaki.
These submarines, often called ‘black boats’, operate under a doctrine ensuring at least one vessel is always patrolling the seas. This strategy, known as ‘permanence at sea’, aims for these submarines to remain concealed within the oceans, ready to launch a nuclear strike within seconds upon a directive from the French President.
Despite stringent security measures at the base, including continuous surveillance and strict prohibitions on mobile devices, personnel must store them in signal-proof lockers, smartwatches, and related fitness apps, which managed to evade security protocols undetected.
A report from the UK’s Daily Mail revealed an investigation into the leaks, identifying over 450 active Strava users from the French military at this top-secret facility over the past decade. Further scrutiny by the French newspaper Le Monde showed that many military personnel chose not to use pseudonyms on Strava, instead opting to make their profiles publicly visible.
An officer logged multiple runs in the dock area where nuclear submarines are moored, noting precise timings and locations in January and February of 2023. This officer’s Strava activity stopped after February 3, 2023, and did not resume until March 25, suggesting a deployment period aboard a submarine.
Similar patterns appeared for two other officers, confirming the timeline of their submarine patrol. After resuming activity on Strava, one officer openly discussed the challenges of returning to physical training after an extended period in confined quarters, humorously referring to the submarine as a “poo box.”
This incident forms part of Le Monde’s broader StravaLeaks investigation. The newspaper also noted that bodyguards for leaders from France, the U.S., and Russia use the app, which could potentially allow for the tracking of presidential movements.
