- The Washington Times - Wednesday, December 16, 2015

A misconfiguration recently made public the names, contact details and other information pertaining to thousands of users who had downloaded a dating app aimed at people with HIV. The company responsible has since fixed the error, but not before threatening to infect with the disease a security researcher who tried to help.

The researcher, Chris Vickery, recently learned that a glitch affecting Hzone, “the number one HIV dating app for singles,” had allowed sensitive user information to become publicly available on the Internet, putting 4,926 user accounts at risk as of late last month, he told the DataBreaches.com website

The malfunction allowed for potential hackers to access details including names, email addresses, sexual orientation, political views and, in some cases, pictures and messages.

Hzone said that the issue was resolved Monday, but hasn’t yet taken responsibility for not protecting user data.

An administrator at DataBreaches said she was threatened with HIV when she attempted to bring the matter to the company’s attention.

“Why do you want to do this? What’s your purpose? We are just a business for HIV people,” a representative wrote to DataBreaches after being approached about the misconfigured database.

“If you want money from us, I believe you will be disappointed. And, I believe your illegal and stupid behavior will be notified by our HIV users and you and your concerns will be revenged by all of us. I suppose you and your family members don’t want to get HIV from us? If you do, go ahead,” the representative continued.

The recipient of the warning, a DataBreaches admin who goes by “Dissent,” said the threat was unlike any response she’s received in the past.

“You get the occasional legal threats, and you get the ‘you’ll ruin my reputation and my whole life and my children will wind up on the street’ pleas, but threats of being infected with HIV? No, I’ve never seen that one before, and I’ve reported on other cases involving breaches of HIV patients’ info,” she told CSO.

The misconfigured database didn’t jeopardize more than just health statistics, however. Dissent wrote that among the details made publicly available before a patch had been applied included messages sent between Hzone users.

“Hi. I was diagnosed 3 years ago now. CD4 and Viral Load is relatively good. I’m therefore not on Meds yet. My 6-monthly blood tests are due in June. Planning to go in meds. I’m worried about the side effects. What kinds of side effect have you experienced?” one user reportedly asked another in a message seen by the security researcher.

In the wake of high-profile hacks earlier this year that compromised the data of customers of both Anthem and Premera Blue Cross, a recent study suggested that one in three health care patients will become the victims of cyber breaches by the end of 2016.

Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times is switching its third-party commenting system from Disqus to Spot.IM. You will need to either create an account with Spot.im or if you wish to use your Disqus account look under the Conversation for the link "Have a Disqus Account?". Please read our Comment Policy before commenting.


Click to Read More and View Comments

Click to Hide