French sailor posts Strava run exposing Charles de Gaulle's location, France tightens security

A French naval officer inadvertently exposed the exact location of the Charles de Gaulle aircraft carrier in the Mediterranean Sea by publicly sharing a fitness activity on the Strava app on March 13, 2026.

“France takes ‘appropriate measures’ after sailor’s jogging app exposes aircraft carrier’s location France takes ‘appropriate measures’ after sailor’s jogging app exposes aircraft carrier’s location PARIS (AP) — France says it’s taking “appropriate measures” after a naval officer’s use of the Strava exercise app inadvertently enabled journalists to geolocate the aircraft carrier Charles de Gaulle that is in the Mediterranean to help protect French and allied assets and interests during the Iran war”

Associated Press

The sailor, identified as Arthur by Le Monde, recorded a 7-kilometer run lasting 35 minutes around the deck of the nuclear-powered vessel.

Associated Press

The vessel was deployed northwest of Cyprus approximately 100 kilometers from the Turkish coast.

The public Strava profile with precise GPS coordinates allowed journalists from Le Monde to track the vessel's movements in near real-time.

Journalists verified the location using satellite imagery taken just over an hour later.

This security breach occurred during heightened tensions in the Middle East, with the carrier deployed to protect French and allied assets.

Recent Iranian attacks on French bases in Iraq had killed one soldier and wounded six others.

The security implications of the Strava leak were particularly concerning given the Charles de Gaulle's role and the geopolitical context.

France's flagship nuclear-powered aircraft carrier, the only such vessel outside the US military, carries 20 fighter jets, two surveillance aircraft, and three helicopters.

BBC

While the deployment had been publicly announced by President Macron on March 3 as 'strictly defensive,' the exact real-time positioning was sensitive operational information.

The incident revealed not just the carrier's current location but also its entire itinerary through the sailor's Strava history.

Strava data showed movements off the Cotentin on February 14, in the Baltic Sea on February 27, and finally in the Eastern Mediterranean.

This comprehensive tracking of military movements posed significant security risks in a conflict zone.

Iranian forces had already demonstrated the capability to strike French targets in the region.

In response to the security breach, France's Armed Forces General Staff acknowledged that the sailor's actions violated current digital security guidelines.

“This phenomenon is not new”

BFMTV

Officials vowed that 'appropriate measures will be taken by the command' regarding the incident.

Military officials emphasized that digital hygiene for combatants is considered a prerequisite before any deployment.

Sailors are regularly made aware of security risks associated with connected devices and social media.

Different levels of restrictions on connected devices are applied within the French Navy.

These levels are determined by command based on current threat assessments.

This incident follows a pattern of security lapses where military personnel have failed to follow established protocols.

Despite repeated warnings and training sessions about location-sharing application risks.

The Charles de Gaulle incident is part of a broader pattern of 'StravaLeaks' that have exposed sensitive military and governmental information.

Le Monde previously documented similar incidents involving world leaders' security teams.

Bitdefender

These included those protecting French President Macron, former US President Biden, and Russian President Putin.

A Secret Service agent's jog revealed the San Francisco hotel where Biden was staying before meeting Chinese President Xi Jinping.

The app has also compromised security at military installations including American bases in Syria.

A British nuclear base in Scotland was also exposed through Strava data.

French intelligence agency operations were compromised through similar leaks.

In 2025, French nuclear submarine crews inadvertently revealed patrol schedules through Strava activities.

Over 450 military-linked Strava users have been active with public profiles.

Some recorded activities near sensitive nuclear facilities.

The incident highlights the growing challenge of maintaining military security in an era of ubiquitous connected devices.

“A French sailor appears to have accidentally exposed the position of a major warship - simply by logging a run on his smartwatch”

Daily Express

The Charles de Gaulle was compromised through basic OSINT—Open Source Intelligence—from publicly available fitness data.

Daily Express

This shows how modern military security must contend with personal digital devices emitting signals.

Vessels attempting communications silence can still be tracked through individual devices.

Three key elements enable such leaks: precise GPS coordinates, public profiles, and activities in remote locations.

Strava boasts 195 million users across 185 countries.

Many fitness apps by default share location data publicly.

The military faces an ongoing battle to ensure personnel understand personal digital activities have national security implications.

This is particularly true when operating in conflict zones where adversaries monitor OSINT channels.