Unidentified agents have been spying on Israeli military personnel using the fitness monitoring software Strava, following their movements throughout secret facilities across the country and perhaps seeing them while they travel on official trips.

Read more: Israeli police involved in spying on Israelis using NSO's Pegasus

The operation – the affiliation of which has not been revealed – was able to maintain tabs on persons who were exercising on the grounds by installing phony running "segments" inside military bases, even those who had applied the strongest possible account privacy settings.

In one case, a user running on a top-secret site suspected of having connections to "Israel's" nuclear program could be followed across other military locations and to a foreign nation, according to The Guardian.

FakeReporter, an Israeli intelligence group, revealed that it alerted Strava as soon as they became aware of the spying activity.

Strava's tracking features are intended to enable anybody to create and compete over "segments", which are brief areas of a run or bike ride that may be raced over on a regular basis, such as a long uphill climb on a popular cycling route or a single circle of a park. After uploading a segment through the Strava app, users may define it, but they can also submit GPS records from other products or services.

An anonymous user with the location "Boston, Massachusetts" has put up a series of phony segments spanning a variety of Israeli military institutions, including outposts of intelligence organizations and highly protected locations assumed to be linked with the Israeli nuclear program.

Executive director of Fakereporter, Achiya Schatz, expressed fear over the revelation. Schatz claims that by being able to upload engineered files, "revealing the details of users anywhere in the world, hostile elements have taken one alarming step closer to exploiting a popular app in order to harm the security of citizens and countries alike."

Strava addressed the breach and stated it provides information on its privacy controls but advised that military users simply opt out of its visualization.