Several months ago, Strava, a fitness app used on smartphones and Fitbits, shared anonymous data in the form of a heatmap. The objective was to demonstrate how many people around the world were getting fit. Now it turns out that a little bit of sleuthing can transform that anonymous data dump into sensitive and specific details.

American-based technologies that appear as hot zones in unlikely areas provide some strong clues. This has led online sleuths, as Gizmodo reports, to discover sensitive US military sites.

“To make things worse,  some on Twitter have discovered ways to de-anonymize the heatmap, identifying unique users and where they’ve been exercising. It’s basically a stalker’s dream,” writes Gizmodo.

One of the first to expose this global security flaw was a 20-year-old student named Nathan Ruser, who follows the conflict in Syria. When reading news stories, Ruser uses maps to inform his reading, according to Isabella Kwai from The New York Times. Kwai writes, “When he looked over Syria on Strava’s map — which is based on location data from millions of users, including military personnel, who share their exercise activity — the area ‘lit up with those U.S. bases,’ he said.”

Get the full story at Gizmodo.