A dating app targeting HIV positive people is at the centre of a bizarre privacy storm at the moment, thanks to a database error apparently revealing details of users -- and the app maker appearing to threaten to infect those spreading news of the flaw with.... HIV.
The story goes that DataBreaches.net uncovered the site's leaking database a little over a week ago, and made news of the vulnerability public. Personal messages were found among the user details, which include the date of birth, religion, relationship status and IP addresses of account holders, plus, if they signed up to a premium account, credit card information.
DataBreaches.net said it informed app maker Hzone of the leak and heard nothing for five days, before the vulnerability was fixed. Hzone's communication with DataBreaches has since been published by CSO, showing that Hzone made the strange threat to infect the security researchers with HIV should news of the data leak be made public, saying:
"Why do you want to do this? What's your purpose? We are just a business for HIV people. If you want money from us, I believe you will be disappointed. And, I believe your illegal and stupid behavior will be notified by our HIV users and you and your concerns will be revenged by all of us. I suppose you and your family members don't want to get HIV from us? If you do, go ahead."