The American military has ordered a review of its grunts' personal electronics – after the Strava fitness app used by soldiers revealed base locations and other operational security gaffes.

In November, the exercise-tracking software maker released a "heatmap" to show where in the world people were using the application to monitor their daily workouts.

Unfortunately, because not all users marked their training information private, the map revealed military bases and the jogging routes of personnel. It also highlighted dangerously stupid explorers, and the data allowed viewers to drill down into an individual's fitness stats.

In response, the Pentagon has urged servicemen and women to lock down the privacy settings on their apps – which, er, they should really have done in the first place. Meanwhile, top brass will come up with new rules, if necessary.

"We take these matters seriously, and we are reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of Department of Defense personnel at home and abroad," Army Colonel Robert Manning III said at a Pentagon news conference on Monday.

"DoD personnel are advised to place strict privacy settings on wireless technologies and applications. The heat map incident re-emphasizes the need for service members to be cautious about what data to share via wearable electronic devices."

You'd have thought the Green Machine would be up on this already, given how America's enemies have blundered into this sort of opesec gotcha in the past. In 2015, a Daesh-bag fighter published a picture of his fellow terror bastards on social media with location data included in the snap – and 22 hours later, Uncle Sam showed him the real meaning of photobombing with three very large explosives sending him to the next world.

Russian military authorities also got caught out the year before. In 2014, with Russia denying its troops were invading Ukraine, its soldiers posted several selfies that location data showing were within the, er, Ukrainian borders.

As always, check the privacy settings of your apps – and not just Strava's. ®

Updated to add

Strava is having a rethink about how it shares people's data – and urged folks to check their applications settings while it works "with military and government officials to address potentially sensitive data."

"Many team members at Strava and in our community, including me, have family members in the armed forces," said CEO James Quarles. "Please know that we are taking this matter seriously and understand our responsibility related to the data you share with us."