Strava, the company behind the heat map, calls itself a "social network for athletes." Users connect a GPS device to its service that allows them to upload their workout logs online. Those without a device can directly record their activities on Strava's mobile app.
The firm said the map was created using one billion recorded activities through September 2017 across 3 trillion latitude and longitude points. Data reflected on the map was not live, according to the Post.
Most parts of the United States and Western Europe lit up on the map with plenty of recorded activities. But parts of Africa and the Middle East were entirely dark except for scattered dots of light in those areas.
The Post reported that by zooming in on war zones and deserts in countries like Iraq and Syria, locations and outlines of known U.S. military bases could be seen — along with other unknown and potentially sensitive sites.
A spokesman for U.S. Central Command said Sunday that the U.S. military is looking into the implications of the map, according to the Post. But the military, the news outlet reported, did not respond to a question about existing regulations for using fitness-tracking apps.
To be clear, Google maps and public satellite images have previously showed the presence of military installations to the world, tech news outlet The Verge reported. It added that Strava's map provided additional context such as how people were moving about in those areas and how frequently they were doing so.
Multiple news outlets reported that the map, which was posted online late last year, received widespread attention after a Twitter user pointed out it could contain potentially sensitive information. The user theorized that some of the tracks could be regular jogging routes for soldiers.
The Post added that other journalists on Twitter were also weighing in on what they identified to be U.S. military bases.
Strava urged users in a statement to check the firm's website to understand the privacy settings. "Our global heatmap represents an aggregated and anonymized view of over a billion activities uploaded to our platform," a spokesman for the firm told CNBC, adding the map excluded activities that have been "marked as private and user-defined privacy zones."