U.S. Secretary of Defense Pete Hegseth is currently at the center of a massive security scandal. Recent reports confirm that Hegseth inadvertently shared classified military plans—including precise times and locations for strikes against Houthi forces in Yemen—within unauthorized Signal group chats.
The breach began when National Security Advisor Michael Waltz mistakenly added The Atlantic’s editor-in-chief, Jeffrey Goldberg, to a private chat containing sensitive operational details. This lapse in judgment, which exposed top-secret intelligence to a journalist, is being described as one of the most significant government tech blunders in recent history.
The Hegseth Security Failure
The situation escalated further this week when The New York Times revealed that Hegseth shared similar sensitive information in a separate Signal group that included his wife, his brother, and his lawyer. None of these individuals held the security clearance required to handle such intelligence, highlighting a systemic failure in how high-ranking officials manage information security on commercial platforms.
Strava and the Dangers of Fitness Tracking
Government officials aren’t the only ones struggling with digital privacy. In 2018, the fitness app Strava inadvertently compromised military security. By publishing a global “heat map” of user activity, the platform exposed the locations of secret military bases in conflict zones like Iraq and Afghanistan.
Because military personnel often used the app to track their runs, the public data effectively mapped the perimeters of sensitive installations. Bad actors could easily cross-reference these routes with public social media profiles to identify specific service members, proving that “default” privacy settings are often insufficient for those in high-stakes positions.
Okay here is where things get problematic: Via Strava, using pre-set segments we can scrape location specific user data from basically public profiles (and yes those exist w/in bases and lead us straight so social media profile of service members). https://t.co/VDNBGcKvIY
— Tobias Schneider (@tobiaschneider) January 29, 2018
Venmo: A Digital Map of the White House
Peer-to-peer payment apps are another common point of failure. In 2021, reporters from BuzzFeed News located Joe Biden’s Venmo account in less than ten minutes. By analyzing the president’s transaction network, they were able to map out his family members and broader social circle.
Even when accounts are set to private, friend lists on many platforms remain visible, allowing investigators to reconstruct private networks. Similar investigative techniques have recently been used to uncover the Venmo accounts of Pete Hegseth and Mike Waltz, proving that digital footprints are difficult to erase once established.
Human Error Trumps Encryption
Technology can provide end-to-end encryption, but it cannot prevent human error. A prime example occurred in 2017 involving Catalan politician Toni Comín. During a televised event in Belgium, a camera operator zoomed in on Comín’s phone, capturing a conversation with former Catalan president Carles Puigdemont.
The leaked messages revealed Puigdemont’s private admission of defeat regarding the Catalan independence movement. Despite the use of secure messaging apps, the physical visibility of the screen turned a private digital conversation into a public political crisis.
These incidents underscore a recurring theme: sophisticated encryption is useless if the user treats their device with complacency. Whether it is a leaked text message or a public fitness log, the greatest vulnerability in any security system remains the person holding the phone.