Following Data Leak, HIV Dating App's Developers Threaten Infection (csoonline.com)

← Back to Stories (view on slashdot.org)

Following Data Leak, HIV Dating App's Developers Threaten Infection (csoonline.com)

Posted by Soulskill on Tuesday December 15, 2015 @03:05PM from the be-nice-when-somebody-helps-you dept.

itwbennett writes: Sometime before November 29, the MongoDB housing the data of Hzone, a dating app for HIV-positive singles, was exposed to the Internet. The company, displeased with having the security incident disclosed, responded to an email notification from DataBreaches.net with this threat: "Why do you want to do this? What's your purpose? We are just a business for HIV people. If you want money from us, I believe you will be disappointed. And, I believe your illegal and stupid behavior will be notified by our HIV users and you and your concerns will be revenged by all of us. I suppose you and your family members don't want to get HIV from us? If you do, go ahead." Hzone later apologized for the threat.

51 of 105 comments (clear)

Min score:

Reason:

Sort:

Trading on tragedy by Ritz_Just_Ritz · 2015-12-15 15:14 · Score: 2

So...we've got a company that runs a business by trading on someone else's misfortune. Rather "ballsy" to go after the folks reporting the breach rather than focus on the fact that their customers are flapping in the breeze as a result of their incompetence. Replace HIV with "leprosy" or "cancer"....the result is the same.
Sad.
1. Re:Trading on tragedy by thechemic · 2015-12-15 15:35 · Score: 3, Funny
  
  Following Data Leak, "Cancer" Dating App's Developers Threaten Infection
  Ugh...
  
  --
  Let's make like a bird... and get the flock outta here.
2. Re:Trading on tragedy by lgw · 2015-12-15 15:58 · Score: 2, Interesting
  
  Or, you know, its just a dating site for people with HIV. HIV patients are NOT lepers, and HIV is not necessarily terminal. You won't catch HIV from being in the presence, or even being intimate with , as long as unprotected sex isn't occuring.
  Leprosy isn't necessarily terminal: in fact it's curable. Like HIV, it's contagious, but not easily so (though perhaps more easily than HIV). Funny thing, prejudice.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
3. Re:Trading on tragedy by ArmoredDragon · 2015-12-15 16:25 · Score: 4, Insightful
  
  Umm...cancer typically isn't the result of incompetence. In act, 65% of the time it's completely by chance, meaning no action you took caused it, you just got unlucky. Leprosy isn't necessarily either, in fact it can spread by somebody coughing into their hand, touching a doorknob, and you coming up later and touching that same doorknob without ever seeing that person.
  Furthermore, fulfilling an economic need isn't trading on someone else's misfortune. If it was, then restaurants would be trading on someones misfortune of being hungry.
4. Re:Trading on tragedy by BitZtream · 2015-12-15 16:33 · Score: 1
  
  I would say that the original response to DataBreach was probably shear ignorance. It was probably a response written by someone non-technical that doesn't understand that it wasn't DataBreach that did the deed, but rather they discovered and were notifying them.
  Look at the way the HIV site reacted. Seems pretty clear that the original response was an angry/hurt reaction and the apology likely occurred after someone technical pointed out what was actually going on.
  Admittedly, I didn't read the article, but I'm guilty of that sort of response and the later discovery that your hurt/angry response was directed at the wrong person and having to go back and say sorry about it ...
  
  --
  Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
5. Re:Trading on tragedy by Anonymous Coward · 2015-12-15 16:46 · Score: 1
  
  At least it protects people from their kind. They keep infecting people that don't have it which is how it spreads. Those infected people are infecting others. If they would stop, AIDS would die off, but instead those people decided to keep infecting others.
6. Re:Trading on tragedy by chipschap · 2015-12-15 16:59 · Score: 4, Funny
  
  I would say that the original response to DataBreach was probably shear ignorance.
  Shear ignorance ... a truly cutting remark.
7. Re:Trading on tragedy by ls671 · 2015-12-15 17:28 · Score: 2, Interesting
  
  I used to send notices to site admins that seem like they had been hijacked because on the requests/packets they were sending to my site. Why else would some public school site or not profit organization site try to brake into my systems unless they have been themselves compromised.
  I stopped doing this because some site admins though I was the one hijacking them so now it is all for myself; don't try to help otherwise you may get in trouble.
  Well, it silly but I guess this is how things work...
  
  --
  Everything I write is lies, read between the lines.
8. Re:Trading on tragedy by Nemyst · 2015-12-15 17:32 · Score: 1
  
  The parent meant that Hzone's customers are flapping in the wind because of Hzone's incompetence at protecting their data, not that HIV/leprosy/cancer are a result of incompetence.
9. Re:Trading on tragedy by DeathElk · 2015-12-15 17:50 · Score: 1
  
  A handful of butthurt site owners can hardly be compared to the entire HIV community.
10. Re:Trading on tragedy by h33t+l4x0r · 2015-12-15 17:50 · Score: 1
  
  Wait, is "Shear Ignorance" the name of a hair salon for HIV people? Now I'm confused.
11. Re:Trading on tragedy by donscarletti · 2015-12-15 19:07 · Score: 2
  
  My guess this that this made by HIV infected people as a service to others with the same condition, rather than a money making activity, so I don't think we can question the motives of the people providing this service as being exploitative.
  However, they should have protected their users' information far better, given the special privacy requirements that their users have, especially in light of the recent Ashley Madison breeches. Blame is not a zero sum game, unless it's falling prey to a 0-day exploit in a third party system, getting hacked is 100% the service provider's fault, even if the hacker is also 100% responsible. Even in the case of 0-day exploits, steps should be taken to contain potential breeches and so the provider at least shares part of the blame.
  Furthermore, when someone makes a very credible and sincere sounding threat to infect the family of the perpetrator with a deadly and incurable disease, they should be dealt with according to recent precedent regarding people who make online death threats.
  
  --
  When Argumentum ad Hominem falls short, try Argumentum ad Matrem
12. Re:Trading on tragedy by drinkypoo · 2015-12-15 22:13 · Score: 1
  
  Umm...cancer typically isn't the result of incompetence. In act, 65% of the time it's completely by chance, meaning no action you took caused it,
  Your link says that 65% of the time it's caused by "random mutation", which means we don't know what caused it. Was it a cosmic ray? Something you ate? Some toxic perfume you wore? Some toxic perfume someone else wore? Something that leached into your bottled water, since all (yes, all) plastic bottles leach toxics into their contents over time? It doesn't support your assertion.
  The article is inherently misleading since we never know what caused a cancer. We can crunch the numbers but we have to rely on statistics. If you have cancer and live in a cancer cluster then we know it's probably environmental. But we can never trace a cancer back to the atom or particle that caused it.
  
  Leprosy isn't necessarily either, in fact it can spread by somebody coughing into their hand, touching a doorknob, and you coming up later and touching that same doorknob without ever seeing that person.
  Touching a doorknob is something you did. It's terrible that it's not safe to touch a doorknob, but it isn't, and we all know it isn't. We still do it anyway. I'm getting closer and closer to the point of wearing gloves every time I have to touch stuff when I'm out. I do my best not to shake hands any more, either. Dirty habit, and outdated.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
13. Re:Trading on tragedy by AmiMoJo · 2015-12-15 23:34 · Score: 1
  
  A bit OT but back in the 90s when dial-up was the norm I noticed the RX light on my modem flash every 10 seconds. I investigated and found that some random IP address was sending me pings. Back then I was using an Amiga and would respond to pings. Anyway, this annoyed me so I did a bit of port scanning on the source IP, found telnet was available and connected.
  It seemed to be some kind of router OS, not BSD or Linux anyway. I could't find much info or a list of commands, but eventually found that RESET would stop the pings and disconnect me. Maybe a week later they would start again, and I'd telnet in an RESET whatever it was.
  Never figured out who or what was doing it or why. Didn't have the skills to at the time. These day's I'd probably have had armed anti-terror squads kicking in my door. I'd have asked the person who owned that thing to stop if I knew how.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
14. Re:Trading on tragedy by ls671 · 2015-12-15 23:44 · Score: 1
  
  Leave in peace ;-)
  
  --
  Everything I write is lies, read between the lines.
15. Re:Trading on tragedy by ls671 · 2015-12-15 23:48 · Score: 1
  
  live ;-)
  
  --
  Everything I write is lies, read between the lines.
16. Re:Trading on tragedy by KGIII · 2015-12-16 00:03 · Score: 1
  
  Probably for emos.
  
  --
  "So long and thanks for all the fish."
17. Re:Trading on tragedy by ls671 · 2015-12-16 00:09 · Score: 1
  
  In my area, the first Internet providers aside from the Universities(/Army) were definitely using Linux. I am still using Slackware in prod systems in 2015 but this is just me.
  This was about 10 years before banks that have said they would never go online went. It has been a turning point. After they did, it was now safe to make financial transactions using the Internet in the mind of the people.
  
  --
  Everything I write is lies, read between the lines.
18. Re: Trading on tragedy by dilvish_the_damned · 2015-12-16 01:34 · Score: 1
  
  They can get more indignant. Somehow.
  
  --
  I think you underestimate just how much I just dont care.
19. Re:Trading on tragedy by afxgrin · 2015-12-16 02:41 · Score: 1
  
  They took stem cells and observed their behaviour. This isn't some study where they just averaged incident rates vs. environmental exposure.
  https://www.sciencemag.org/con...
  Non-paywalled version of the full paper:
  http://www.uvm.edu/~cdanfort/c...
20. Re:Trading on tragedy by afxgrin · 2015-12-16 02:45 · Score: 1
  
  The funny part is I'm reading this paper now and I don't see where they came up with this 65% number being quoted in the CBC article. It's implied they got it from the principal author but he's not quoted as saying 65%.
21. Re:Trading on tragedy by afxgrin · 2015-12-16 02:49 · Score: 1
  
  Nevermind....
  "A linear correlation equal to 0.804 suggests that 65% (39% to 81%; 95% CI) of the differences in cancer risk among different tissues can be explained by the total number of stem cell divisions in those tissues."
22. Re:Trading on tragedy by wernercd8122 · 2015-12-16 02:51 · Score: 1
  
  That number (65%) is one of the 85% of statistics that's made up on the spot.
23. Re:Trading on tragedy by ArmoredDragon · 2015-12-16 03:09 · Score: 2
  
  Your link says that 65% of the time it's caused by "random mutation", which means we don't know what caused it. Was it a cosmic ray? Something you ate? Some toxic perfume you wore?
  None of the above. afxgrin already answered this for you.
  
  Something that leached into your bottled water, since all (yes, all) plastic bottles leach toxics into their contents over time? It doesn't support your assertion.
  LOL, so now you're believing everything you read in those chain emails? Hate to piss in your cheerios, but those emails are chock full of urban myth:
  http://www.cancer.org/aboutus/...
24. Re:Trading on tragedy by BigDish · 2015-12-16 03:24 · Score: 1
  
  You say that they run a dating site targeting HIV+ individuals like it's a bad thing. The reality is that the majority of HIV- people in the world are woefully under-educated about HIV and the ways it does (and does not) spread. This causes many HIV- people to refuse to date HIV+ people. In turn, many HIV+ people prefer to date other HIV+ people as they know their date won't reject them due to their serostatus.
  Regarding incompetence, it's not always that way. Certainly in many cases it is, but I have a friend that was in a monogamous relationship with one person. That person cheated on him, contracted HIV, and passed it along to him. Please explain how my friend got HIV through his incompetence.
25. Re:Trading on tragedy by GrimShady · 2015-12-16 09:33 · Score: 1
  
  So...we've got a company that runs a business by trading on someone else's misfortune.
  Yeah like those bastards building wheelchairs and those god damned ambulance drivers. Get those capitalist sumbitches!!!
  ffs it would be nice to go through an entire day without some dumbass activist babbling about something they know nothing about...
26. Re:Trading on tragedy by drinkypoo · 2015-12-16 22:41 · Score: 1
  
  Something that leached into your bottled water, since all (yes, all) plastic bottles leach toxics into their contents over time? It doesn't support your assertion.
  LOL, so now you're believing everything you read in those chain emails? Hate to piss in your cheerios, but those emails are chock full of urban myth:
  And then you proceed to link something which doesn't actually speak to my assertions. It addresses one chemical. It's also from the American Cancer Society, which makes it dubious on its own. They are Big Pharma whores. Guess what? There are multiple known carcinogens commonly used in plastic drinking water bottles, and they leach into their contents. The government insisted that BPA was safe, and we saw how much bullshit that was. Now they're insisting that BPS and the rest of of this shit is safe, and you're eating it up. How's about paying attention to the lessons of history? If it looks like a hormone, and gets into your body, it can do shit there. And these plastic compounds overwhelmingly do look like hormones to your body. They're shaped just like them.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
27. Re:Trading on tragedy by ArmoredDragon · 2015-12-18 12:35 · Score: 1
  
  If you're going to argue that everything you don't know about is dangerous, then you shouldn't ever eat anything again. Because by your argument, you might die from eating one of the hundreds of ingredients in a raw apple (or anything else) that you've never heard of and don't know what they do. Seriously, you're entire post is one big example of a logical fallacy:
  https://en.wikipedia.org/wiki/...
28. Re:Trading on tragedy by ArmoredDragon · 2015-12-18 12:59 · Score: 1
  
  Oh, and pushing aside your really bad logical fallacy, as for your supposed link to cancer in water bottles, I think it's more likely that you'd get cancer from coffee. Why? Well coffee has over 36 known carcinogens in it (this includes natural/organic coffee.) KNOWN. Not this "fear of the unknown" shit you're appealing to.
29. Re:Trading on tragedy by RockDoctor · 2015-12-22 01:10 · Score: 1
  
  See message 51129311.
  Just because some people have misused statistics in the past doesn't mean that all statistics are bullshit. Try some re-education.
  
  --
  Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
Wrong People to Fuck With... by Anonymous Coward · 2015-12-15 15:20 · Score: 5, Funny

Somebody picked the wrong people to fuck with...
1. Re:Wrong People to Fuck With... by penguinoid · 2015-12-15 15:50 · Score: 1, Funny
  
  Yeah, they might give you a virus.
  
  --
  Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Following Data Leak, HIV Dating App's Developers T by turbidostato · 2015-12-15 15:23 · Score: 2

"Following Data Leak, HIV Dating App's Developers Threaten Infection"
Does the title even parse?
Re:Following Data Leak, HIV Dating App's Developer by penguinoid · 2015-12-15 15:48 · Score: 2

Does the title even parse?
Yes, but it won't make sense to you if you don't bother to read the summary. Point being that by allowing HIV patients to date each other means they won't be dating you so this site's existence means you're less likely to get infected.

--
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Re:Following Data Leak, HIV Dating App's Developer by FatLittleMonkey · 2015-12-15 15:52 · Score: 2

"Following Data Leak, HIV Dating App's Developers Threaten Infection"
Does the title even parse?
"Following {an event}, {subject} threatens {an act}." What's the issue?

--
Science is all about firing a drunk pig out of a cannon just to see what happens.
Re:Following Data Leak, HIV Dating App's Developer by HeckRuler · 2015-12-15 15:58 · Score: 1

Oh it parses, I too thought for a moment that "Infection" was computer oriented and the title makers were being cutesy. (In rather bad taste if you ask me). Because there was NO WAY that they'd threaten infection with HIV.
But no. It's ACTUALLY that horrible. That's a LITERAL headline. Holy shit, wtf, $[expletive-of-choice-here].
Re:For what purpose? by rhodium_mir · 2015-12-15 15:59 · Score: 2

A dating app is not a covered entity under HIPAA. Covered entities include health plans, health care providers, and health care clearinghouses.

--
You can't spell "oneiromancy" without "roman".
Re:For what purpose? by stephanruby · 2015-12-15 16:00 · Score: 4, Insightful

There's legit whistle blowing, and then there's this... What was the point, to extort and harass ppl. with HIV?
You obviously didn't read their article, their point was to stop the leak. They didn't extort anyone. They just wanted the leak to stop (or at least the web site shut down).

This is a data breach for the sake of a data breach (and boosting the status of a cracker or group's ego - who is "anonymous" anyway, of course, so don't see the point -- ??).
Hackers? You're going a bit far.
This information was getting indexed by at least one commercial search engine. If the information is so easy to access that even a normal search engine has access to it. The web site has done something wrong and the person who found this out is probably not much of a hacker.
But if then, the web site refuses to fix the leak, nor shut down the web site, five days after you've notified them and been in communication with them. Then, there is something seriously wrong with the site. If I had been the person running the site, I would have shut down the web site immediately, period. There is no excuse. If you don't know how to fix it, that's fine, then please just shut down the site. It's better your site is down for a week, than all that data being exposed out there for that same week.
Furthermore since the web site owner is lying about the number of ip addresses having accessed that confidential data, I think they should be sued and shut down permanently by their users (or simply shut down by the authorities). This site provides a valuable service, but if they don't know what they're doing and they're lying when confronted about their mistakes, then someone else should step in and fill that void in the dating marketplace.
Re: Prevent HIV. Don't do as in this haiku. by Anonymous Coward · 2015-12-15 16:34 · Score: 2, Insightful

Hateful bigotry,
You should be ashamed of your
Outdated dogma.
Re:Bug chasers by sexconker · 2015-12-15 17:46 · Score: 1

It's real.
It's called a pozzing party.
Promiscuity by AntoniojrAvellanosa · 2015-12-15 20:08 · Score: 1

Some subjects are too taboo for social media. And there goes my name.Thank you Sir.
A threat? by desperados · 2015-12-15 22:55 · Score: 1

Obviously the guy didn't understand the "threat"... If the HIV Dating App is rendered useless, then those HIV people will land to places such as Tinder, with a higher danger that "the guy or its family members" get HIVs... But yeah, people just seem to care more about this inoffensive threat than the real threat of taking the HIVs App down... (!!)
Hzone is run by complete idiots by bsolar · 2015-12-15 23:47 · Score: 2

From the article:

No, we didn’t notify them. If you will not publish them out, nobody else would do that, right? And I believe you will not publish them out, right?"
They assume only DataBreach has the data, which is something they actually don't know for sure. On top of that, they assume that DataBreach will not publish the data or sell it to the black market. I believe they will not, but if you are responsible for personal informations and the data gets into the hands of a third party you cannot just assume the third party will behave the way most convenient for you just because the alternative makes you unconfortable.
1. Re:Hzone is run by complete idiots by amicusNYCL · 2015-12-16 06:44 · Score: 1
  
  The writer at DataBreach indicated that she did not download the data set, because it contained personal information. That was in response to a comment asking if she went ahead and notified the users herself. It definitely sounds like the people running the site don't have a clue though. The week or so that it took them to secure the database was probably spent finding a person who knew how to do that.
  
  --
  "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Re:Following Data Leak, HIV Dating App's Developer by Anonymous Coward · 2015-12-16 00:55 · Score: 1

Yes but apparently the HIV patients are also banding together to revenge-infect entire families, which is a cause for concern.
Not really. Unless you are one of the assholes that does that stuff.
I hope they do it. If the Internet (and computers in general) is characterized as simply, "a place of lack of consequences." This, at it's fundamental core, is wrong. Likewise, expecting it to work properly while letting people make up their own rules of behavior to use it is simply foolish.
If you are feeling the urge to get faggy about it, perhaps you should check your own behavior.
Maybe, someday, the guys that put bad people in cages will catch up (they are trying, bless them) and find ways to punish those that greatly negatively effect others lives for profit, or worse, simply for fun.
What SHOULD happen is naming, arrest, charging, trial, and punishment to fit the crime.
But we all know it won't.
I'll settle for violence in revenge if that's all that's available to keep it from going right off the rails.
The fact that YOU get upset about this leads me to believe you are one of the ones doing the bad shit. Hell, your very Slashdot username implies such. So you getting worried about it... is GOOD.
They should be arrested... by Anonymous Coward · 2015-12-16 01:10 · Score: 1

Umm....if that sort of threat were made, it's a legitimate death threat, and the police should arrest the morons who made it.
Multiple infections by GlobalEcho · 2015-12-16 01:50 · Score: 2

I feel for these people. Not only are they HIV positive, but they are also infected with MongoDB.
Re:Following Data Leak, HIV Dating App's Developer by Anonymous Coward · 2015-12-16 05:14 · Score: 1

So.... you think it's reasonable for an HIV infected individual to infect the entire family/families of an organization that notified them of a data breach even though they did not, in fact, perpetrate the breach? Because that's what they threatened to do. Man. You're a douchebag.
Re:For what purpose? by fafaforza · 2015-12-16 05:38 · Score: 1

For one, physicians take the Hyppocratic Oath. Site admins usually don't.
Apologies... by DriveDog · 2015-12-16 06:54 · Score: 1

A meaningful apology would be immediately firing the person who sent the threat and anyone else in a position to remedy it but who chose not to.
Bennett by ttucker · 2015-12-16 09:16 · Score: 1

Another, "fake hype/nobody cares", bennett story.