HIV Dating App Company Threatens Press With HIV Infection For Reporting On Personal Info Leak

It’s not uncommon to see threats towards the press occur when someone has been embarrassed. Whether it’s an idiotic presidential campaign mad over a rape allegation or an attorney general pissed off at reporters who are attempting to, you know, report, these things happen. Perhaps even more common are threats against the press when they report on security exploits, such as when Sony demanded the end of the publication of documents the press got after one of the many, many times Sony has been hacked.

But I’ve never seen a company threaten to infect a member of the press with HIV before. This strange tale starts with an app called Hzone, which is a dating application for singles that are HIV positive. And, hey, why not? The HIV-infected need love, too. But running a site like that would seem to come with a particularly dire need for security, which should not result in the user database for the app being publicly exposed to the internet, as it was a few weeks ago.

Today’s story is strange, but true. It’s brought to you by and security researcher Chris Vickery. Vickery discovered that the Hzone application was leaking user data, and properly disclosed the security issue to the company. However, those initial disclosures were met with silence, so Vickery enlisted the help of

So, as too often seems to happen with these cases, a researcher found a security flaw and brought it to the company’s attention, only to be completely ignored. Then the researcher goes to a press outlet, in this case. Even as Vickery continued to let the company know about the leak, the database remained exposed. And this is a database, I feel compelled to remind you, filled with the personal information of HIV infected persons. The issue wasn’t fixed until mid-December, some three weeks or more since the issue was initially reported. At about that same time, DataBreaches informed Hzone that it would be reporting on the leak.

And that’s when this tale takes a strange and disgusting turn.

Finally, when informed Hzone that the details of the security issues would be written about, the company responded by threatening the website’s admin (Dissent) with infection.

“Why do you want to do this? What’s your purpose? We are just a business for HIV people. If you want money from us, I believe you will be disappointed. And, I believe your illegal and stupid behavior will be notified by our HIV users and you and your concerns will be revenged by all of us. I suppose you and your family members don’t want to get HIV from us? If you do, go ahead.”

Ah, the old “We’ll just infect you and your family with HIV, haha!” tactic to silence reporters. This is a company that, again, caters directly to the community of the HIV infected, exposed that community’s personal information, and then used HIV infection as a cheap threat on a reporter simply for reporting on the leak. Why would anyone want anything to do with these people any longer? And, while barely apologizing, Hzone appears to be more interested in doing CYA than true security.

Hzone later apologized for the threat, but it still took them some time to fix their flawed database. The company accused and Vickery of altering data, which led to speculation that the company didn’t fully understand how to secure user information. An example of this is one email where the company states that only a single IP address accessed the exposed information, which is false considering Vickery used multiple computers and IP addresses.

On top of that, Hzone responded to a question by DataBreaches as to whether or not the company bothered to inform its users that their personal information had been compromised.

“No, we didn’t notify them. If you will not publish them out, nobody else would do that, right? And I believe you will not publish them out, right?”



Comments on “HIV Dating App Company Threatens Press With HIV Infection For Reporting On Personal Info Leak”

That Anonymous Coward (profile) says:

These idiots have no business being in control of people’s data.

I applaud them for building a dating app for people who serosort, but their disregard and willingness to lie to protect the image over the customers is appalling.

I was also annoyed to learn that apparently if you sign up, you can never get your profile removed even if you quit. Holding on to the data like that makes one wonder who else they are providing the data to (and what other things they can scrape via the app).

Things like this are why there needs to be mandatory reporting of leaks/breaches with hefty fines for trying to cover it up.

That Anonymous Coward (profile) says:

Re: Re:

So basically, “I can’t be bothered to read the article and I will spout off with stupid comments.”

This has NOTHING to do with a lifestyle you simpleton fuck.

Because it was an app that was used by those who have HIV, there have been just AWESOME comments focusing on the HIV and not the fact that these fuckwits could have built an app for any group and fucked it up the same way.

From the really openminded comments here one is so very fucking shocked that they might have needed a dating app where a question of someone’s status wasn’t the elephant in the room. I very much enjoyed the openminded idiot who wanted to turn some app running asshats’ unwillingness to admit they leaked the data into a commentary on how those with HIV never want to disclose their status.

But then one has to remember there are assholes in everything, and keeping the stereotype going to paint everyone with a disease as being evil people out to secretly infect people surely doesn’t make these people’s lives harder. Of course by the same token I guess because we all use computers we all DL CP, because some fuckwit did it so everyone must be the same.

Pity it wasn’t an app for survivors of sexual abuse so someone could have made comments about how they were asking for it & you know they put out if you give them some candy.

Can’t see how these openminded responses would make it that much more worrying that identifying information of these people is out there in the wild, even the small sample here shows how accepted people dealing with this disease are in the world.

Anonymous Coward says:

That Anonymous Coward, you mad bro?

Wow, by far you have the record for using the word ‘fuckwit’ and ‘openminded’ in a post. I only saw one, maybe two posts that fall into the HIVphobia you are referring to. Most of them are crude attempts at humor and some are actually funny. The largest percentage of comments dealt with the data breach. The funniest thing you said was:

“keeping the stereotype going to paint everyone with a disease as being evil people out to secretly infect people surely doesn’t make these people’s lives harder.”

If the operator of the site (which I assume is also HIV positive) says that he and [sic] the app user base will infect the reporter and his family with HIV, then that is not a stereotype nor is it a secret. In this case it seems as if the stereotype is being created by the people with the disease and that they are making their own lives harder.

My opinion on the matter sides with the data breach and regardless of the status of the members of the site, the company is/was irresponsible.

Anonymous Coward says:

Re: That Anonymous Coward, you mad bro?

It’s funny – they can live as dangerously and recklessly as they please, and insist that nobody else judge them by stereotypes. Of course, the moment they start calling straights “breeders” and other loaded derogatory terms, nobody speaks up about it. Because it’s “homophobic” or “breeders” have had it too good for too long or something. If a dude doesn’t like having a dick up his ass it’s because he’s “close-minded” for knocking it before he’s tried it. Give me a fucking break.

Wendy Cockcroft says:

Re: Re: That Anonymous Coward, you mad bro?

You know straight people can get HIV too, don’t you? Blood transfusions were a vector back in the Eighties, or having sex with one’s husband or boyfriend not knowing he was infected…

…a massive problem in Africa at the moment, which religious zealots are making worse by banning condoms, etc.

Babies born to HIV-positive mothers can get it.

The trouble with being narrow-minded is it’s hard to see the big picture. If you’re going to bash “teh gayz,” admit it’s because you think it’s yuck, don’t go hiding behind excuses, it gets in the way of sorting out the mess that results of people trying to live with HIV while surrounded by judgemental prats who insist it’s their own fault.

That Anonymous Coward (profile) says:

Re: Re: That Anonymous Coward, you mad bro?

I enjoy your assumption that the entire user base is gay, did you not find their website to see the typical boy girl pairing shown in the screenshots?

Breeder is only offensive if you give it the power to offend you. I know straight people I call my favorite breeders, I guess maybe it’s like how it’s okay for a black person to call someone their N but not always cool for their white friend to say it to them.

So from your comments, you’re either a troll trying to bait me or someone who is having issues questioning your sexuality because someone expressed an interest in you and you rebuffed them so they lashed out because their feelings were hurt.
Does it make you feel less adequate that they were no longer as interested in you once you rebuffed them?

Does it make you feel better to think that all gay men want you and can’t have you? Perhaps overreacting in this way to think that it is all gay people should be a warning sign to you that the old adage could be true… methinks she doth protest too much.

There are lots of people in the world who have HIV through no fault of their own, like the girls who have been raped in some cultures because someone told them sleeping with a virgin would cure them. Those girls didn’t live dangerously or recklessly.

The fact that it is easier to date someone in the same boat than to face amazing openmindedness like yours should be crystal clear. You think everyone who has the disease is just another “bad person” who deserved it because some asshole hit on you and you decided to make them the poster child for all teh gays.

While you are most likely pretty, I’m guessing because someone invested the time in trying to bed you, I’m pretty sure that fell to the wayside the more you spoke.

Stop being such a closed-minded breeder.

That Anonymous Coward (profile) says:

Re: That Anonymous Coward, you mad bro?

You should check my post history, I have some epic expletive laden responses to things. This one was fairly tame for how pissed I was.

The fact that there were any HIVphobic posts upset me. I was also upset by the dumbass who made the stupid threat, because my gift is foresight and I can see how that will be run with.

One jackass made the statement, he tried to include the user base in his threats and you’re more than willing to look at them being complicit in what he did without their consent or knowledge. We have this amazing ability to hold entire sections of the population responsible for the actions of 1 dumbass. And I suppose that if the user base wanted to be treated differently they should prepare their own statements and have a huge event decrying the words of 1 idiot… how many events did you attend the last time someone of your race/religion/etc did something stupid so that you wouldn’t be lumped in with the “bad ones”?

Amazingly I might be in several groups (I am my own Venn Diagram) who are expected to decry the actions of individuals so I don’t get lumped in with the “bad ones” and I take offense to the simplistic – idiot said this so everyone in group X is the same way thinking. I have enough people I offend on my own, I don’t need to carry the burdens of others as well.

Cranky says:

No rocket scientists here!

The response from the company makes it sound like they’re only vaguely acquainted with such advanced technical concepts as verbal communication. It is sufficient to convince me that they would not have any competence whatsoever at infosec. Of course I never expect infosec competence from any “app” company anyway; it’s simply not a part of their general business model.

On the subject of available cluehammers, might this app intrude into HIPAA territory? I would guess not, because of all the loopholes built into HIPAA, but then I gave up trying to figure it out at about page eleventeen-squillion.


