HIV Dating App Company Threatens Press With HIV Infection For Reporting On Personal Info Leak
from the high-five dept
It's not uncommon to see threats towards the press occur when someone has been embarrassed. Whether it's an idiotic presidential campaign mad over a rape allegation or an attorney general pissed off at reporters who are attempting to, you know, report, these things happen. Perhaps even more common are threats against the press when they report on security exploits, such as when Sony demanded the end of the publication of documents the press got after one of the many, many times Sony has been hacked.
But I've never seen a company threaten to infect a member of the press with HIV before. This strange tale starts with an app called Hzone, which is a dating application for singles that are HIV positive. And, hey, why not? The HIV-infected need love, too. But running a site like that would seem to come with a particularly dire need for security, which should not result in the user database for the app being publicly exposed to the internet, as it was a few weeks ago.
Today's story is strange, but true. It's brought to you by DataBreaches.net and security researcher Chris Vickery. Vickery discovered that the Hzone application was leaking user data, and properly disclosed the security issue to the company. However, those initial disclosures were met with silence, so Vickery enlisted the help of DataBreaches.net.So, as too often seems to happen with these cases, a researcher found a security flaw and brought it to the company's attention, only to be completely ignored. Then the researcher goes to a press outlet, DataBreaches.net in this case. Even as Vickery continued to let the company know about the leak, the database remained exposed. And this is a database, I feel compelled to remind you, filled with the personal information of HIV infected persons. The issue wasn't fixed until mid-December, some three weeks or more since the issue was initially reported. At about that same time, DataBreaches informed Hzone that it would be reporting on the leak.
And that's when this tale takes a strange and disgusting turn.
Finally, when DataBreaches.net informed Hzone that the details of the security issues would be written about, the company responded by threatening the website's admin (Dissent) with infection.Ah, the old "We'll just infect you and your family with HIV, haha!" tactic to silence reporters. This is a company that, again, caters directly to the community of the HIV infected, exposed that community's personal information, and then used HIV infection as a cheap threat on a reporter simply for reporting on the leak. Why would anyone want anything to do with these people any longer? And, while barely apologizing, Hzone appears to be more interested in doing CYA than true security.
"Why do you want to do this? What's your purpose? We are just a business for HIV people. If you want money from us, I believe you will be disappointed. And, I believe your illegal and stupid behavior will be notified by our HIV users and you and your concerns will be revenged by all of us. I suppose you and your family members don't want to get HIV from us? If you do, go ahead."
Hzone later apologized for the threat, but it still took them some time to fix their flawed database. The company accused DataBreaches.net and Vickery of altering data, which led to speculation that the company didn't fully understand how to secure user information. An example of this is one email where the company states that only a single IP address accessed the exposed information, which is false considering Vickery used multiple computers and IP addresses.On top of that, Hzone responded to a question by DataBreaches as to whether or not the company bothered to inform its users that their personal information had been compromised.
"No, we didn't notify them. If you will not publish them out, nobody else would do that, right? And I believe you will not publish them out, right?"Oops.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Seems a bit harsh.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Isn't threatening to commit a felony against someone a pretty serious crime in and of itself?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Actually muslims are also a protected class in many circles - they even have their own "phobia" word to prove it.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Whiskey Tango Foxtrot?
[ link to this | view in chronology ]
Re: Whiskey Tango Foxtrot?
[ link to this | view in chronology ]
Technology!
[ link to this | view in chronology ]
Re: Technology!
[ link to this | view in chronology ]
Re: Technology!
[ link to this | view in chronology ]
Horse's head
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I applaud them for building a dating app for people who serosort, but their disregard and willingness to lie to protect the image over the customers is appalling.
I was also annoyed to learn that apparently if you sign up, you can never get your profile removed even if you quit. Holding on the data like that makes one wonder who else they are providing the data to (and what other things they can scrape via the app).
Things like this are why there needs to be mandatory reporting of leaks/breaches with hefty fines for trying to cover it up.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Par for the course.
[ link to this | view in chronology ]
Re:
This has NOTHING to do with a lifestyle you simpleton fuck.
Because it was an app that was used by those who have HIV, there have been just AWESOME comments focusing on the HIV and not the fact that these fuckwits could have built an app for any group and fucked it up the same way.
From the really openminded comments here one is so very fucking shocked that they might have needed a dating app where a question of someones status wasn't the elephant in the room. I very much enjoyed the openminded idiot who wanted to turn some app running asshats unwillingness to admit they leaked the data into a commentary on how those with HIV never want to disclose their status.
But then one has to remember their are assholes in everything, and keeping the stereotype going to paint everyone with a disease as being evil people out to secretly infect people surely doesn't make these peoples lives harder. Of course by the same token I guess because we all use computers we all DL CP, because some fuckwit did it so everyone must be the same.
Pity it wasn't an app for survivors of sexual abuse so someone could have made comments about how they were asking for it & you know they put out if you give them some candy.
Can't see how these openminded responses would make it that much more worrying that identifying information of these people is out there in the wild, even the small sample here shows how accepted people dealing with this disease are in the world.
[ link to this | view in chronology ]
That Anonymous Coward, you mad bro?
"keeping the stereotype going to paint everyone with a disease as being evil people out to secretly infect people surely doesn't make these peoples lives harder."
If the operators of the site (which I assume is also HIV positive) says that he and [sic] the app user base will infect the report and his family with HIV, then that is not a stereo type nor is it a secret. I this case it seems as if the stereo type is being created by the people with the disease and that they are making their own lives harder.
My opinion on the matter sides with the data breach and regardless of the status of the members of the site, the company is/was irresponsible.
[ link to this | view in chronology ]
Re: That Anonymous Coward, you mad bro?
[ link to this | view in chronology ]
Re: Re: That Anonymous Coward, you mad bro?
...a massive problem in Africa at the moment, which religious zealots are making worse by banning condoms, etc.
Babies born to HIV-positive mothers can get it.
The trouble with being narrow-minded is it's hard to see the big picture. If you're going to bash "teh gayz," admit it's because you think it's yuck, don't go hiding behind excuses, it gets in the way of sorting out the mess that results of people trying to live with HIV while surrounded by judgemental prats who insist it's their own fault.
[ link to this | view in chronology ]
Re: Re: That Anonymous Coward, you mad bro?
Breeder is only offensive if you give it the power to offend you. I know straight people I call my favorite breeders, I guess maybe its like how its okay for a black person to call someone their N but not always cool for their white freind to say it to them.
So from your comments, your either a troll trying to bait me or someone who is having issues questioning your sexuality because someone expressed an interest in you and you rebuffed them so they lashed out because their feelings were hurt.
Does it make you feel less adequate that they were no longer as interested in you once you rebuffed them?
Does it make you feel better to think that all gay men want you and can't have you? Perhaps overreacting in this way to think that it is all gay people should be a warning sign to you that the old adage could be true... methinks she doth protest to much.
There are lots of people in the world who have HIV through no fault of their own, like the girls who have been raped in some cultures because someone told them sleeping with a virgin would cure them. Those girls didn't live dangerously or recklessly.
The fact that it is easier to date someone in the same boat than to face amazing openmindedness like yours should be crystal clear. You think everyone who has the disease is just another "bad person" who deserved it because some asshole hit on you and you decided to make them the poster child for all teh gays.
While you are most likely pretty, I'm guessing because someone invested the time in trying to bed you, I'm pretty sure that fell to the wayside the more you spoke.
Stop being such a closed-minded breeder.
[ link to this | view in chronology ]
Re: That Anonymous Coward, you mad bro?
The fact that there were any HIVphobic posts upset me. I was also upset by the dumbass who made the stupid threat, because my gift is foresight and I can see how that will be run with.
One jackass made the statement, he tried to include the user base in his threats and you're more than willing to look at them being complicit in what he did without their consent or knowledge. We have this amazing ability to hold entire sections of the population responsible for the actions of 1 dumbass. And I suppose that if the user base wanted to be treated differently they should prepare their own statements and have a huge event decrying the words of 1 idiot... how many events did you attend the last time someone of your race/religion/etc did something stupid so that you wouldn't be lumped in with the "bad ones"?
Amazingly I might be in several groups (I am my own Venn Diagram) who are expected to decry the actions of individuals so I don't get lumped in with the "bad ones" and I take offense to the simplistic - idiot said this so everyone in group X is the same way thinking. I have enough people I offend on my own, I don't need to carry the burdens of others as well.
[ link to this | view in chronology ]
No rocket scientists here!
On the subject of available cluehammers, might this app intrude into HIPAA territory? I would guess not, because of all the loopholes built into HIPAA, but then I gave up trying to figure it out at about page eleventeen-squillion.
@Pronounce:
Does the company you work for truly believe that foster families DON'T have the right to know that a child who has been placed with them is HIV+? That seems downright sociopathic.
[ link to this | view in chronology ]