Following Data Leak, HIV Dating App's Developers Threaten Infection (csoonline.com)

← Back to Stories (view on slashdot.org)

Following Data Leak, HIV Dating App's Developers Threaten Infection (csoonline.com)

Posted by Soulskill on Tuesday December 15, 2015 @03:05PM from the be-nice-when-somebody-helps-you dept.

itwbennett writes: Sometime before November 29, the MongoDB housing the data of Hzone, a dating app for HIV-positive singles, was exposed to the Internet. The company, displeased with having the security incident disclosed, responded to an email notification from DataBreaches.net with this threat: "Why do you want to do this? What's your purpose? We are just a business for HIV people. If you want money from us, I believe you will be disappointed. And, I believe your illegal and stupid behavior will be notified by our HIV users and you and your concerns will be revenged by all of us. I suppose you and your family members don't want to get HIV from us? If you do, go ahead." Hzone later apologized for the threat.

17 of 105 comments (clear)

Min score:

Reason:

Sort:

Trading on tragedy by Ritz_Just_Ritz · 2015-12-15 15:14 · Score: 2

So...we've got a company that runs a business by trading on someone else's misfortune. Rather "ballsy" to go after the folks reporting the breach rather than focus on the fact that their customers are flapping in the breeze as a result of their incompetence. Replace HIV with "leprosy" or "cancer"....the result is the same.
Sad.
1. Re:Trading on tragedy by thechemic · 2015-12-15 15:35 · Score: 3, Funny
  
  Following Data Leak, "Cancer" Dating App's Developers Threaten Infection
  Ugh...
  
  --
  Let's make like a bird... and get the flock outta here.
2. Re:Trading on tragedy by lgw · 2015-12-15 15:58 · Score: 2, Interesting
  
  Or, you know, its just a dating site for people with HIV. HIV patients are NOT lepers, and HIV is not necessarily terminal. You won't catch HIV from being in the presence, or even being intimate with , as long as unprotected sex isn't occuring.
  Leprosy isn't necessarily terminal: in fact it's curable. Like HIV, it's contagious, but not easily so (though perhaps more easily than HIV). Funny thing, prejudice.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
3. Re:Trading on tragedy by ArmoredDragon · 2015-12-15 16:25 · Score: 4, Insightful
  
  Umm...cancer typically isn't the result of incompetence. In act, 65% of the time it's completely by chance, meaning no action you took caused it, you just got unlucky. Leprosy isn't necessarily either, in fact it can spread by somebody coughing into their hand, touching a doorknob, and you coming up later and touching that same doorknob without ever seeing that person.
  Furthermore, fulfilling an economic need isn't trading on someone else's misfortune. If it was, then restaurants would be trading on someones misfortune of being hungry.
4. Re:Trading on tragedy by chipschap · 2015-12-15 16:59 · Score: 4, Funny
  
  I would say that the original response to DataBreach was probably shear ignorance.
  Shear ignorance ... a truly cutting remark.
5. Re:Trading on tragedy by ls671 · 2015-12-15 17:28 · Score: 2, Interesting
  
  I used to send notices to site admins that seem like they had been hijacked because on the requests/packets they were sending to my site. Why else would some public school site or not profit organization site try to brake into my systems unless they have been themselves compromised.
  I stopped doing this because some site admins though I was the one hijacking them so now it is all for myself; don't try to help otherwise you may get in trouble.
  Well, it silly but I guess this is how things work...
  
  --
  Everything I write is lies, read between the lines.
6. Re:Trading on tragedy by donscarletti · 2015-12-15 19:07 · Score: 2
  
  My guess this that this made by HIV infected people as a service to others with the same condition, rather than a money making activity, so I don't think we can question the motives of the people providing this service as being exploitative.
  However, they should have protected their users' information far better, given the special privacy requirements that their users have, especially in light of the recent Ashley Madison breeches. Blame is not a zero sum game, unless it's falling prey to a 0-day exploit in a third party system, getting hacked is 100% the service provider's fault, even if the hacker is also 100% responsible. Even in the case of 0-day exploits, steps should be taken to contain potential breeches and so the provider at least shares part of the blame.
  Furthermore, when someone makes a very credible and sincere sounding threat to infect the family of the perpetrator with a deadly and incurable disease, they should be dealt with according to recent precedent regarding people who make online death threats.
  
  --
  When Argumentum ad Hominem falls short, try Argumentum ad Matrem
7. Re:Trading on tragedy by ArmoredDragon · 2015-12-16 03:09 · Score: 2
  
  Your link says that 65% of the time it's caused by "random mutation", which means we don't know what caused it. Was it a cosmic ray? Something you ate? Some toxic perfume you wore?
  None of the above. afxgrin already answered this for you.
  
  Something that leached into your bottled water, since all (yes, all) plastic bottles leach toxics into their contents over time? It doesn't support your assertion.
  LOL, so now you're believing everything you read in those chain emails? Hate to piss in your cheerios, but those emails are chock full of urban myth:
  http://www.cancer.org/aboutus/...
Wrong People to Fuck With... by Anonymous Coward · 2015-12-15 15:20 · Score: 5, Funny

Somebody picked the wrong people to fuck with...
Following Data Leak, HIV Dating App's Developers T by turbidostato · 2015-12-15 15:23 · Score: 2

"Following Data Leak, HIV Dating App's Developers Threaten Infection"
Does the title even parse?
Re:Following Data Leak, HIV Dating App's Developer by penguinoid · 2015-12-15 15:48 · Score: 2

Does the title even parse?
Yes, but it won't make sense to you if you don't bother to read the summary. Point being that by allowing HIV patients to date each other means they won't be dating you so this site's existence means you're less likely to get infected.

--
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Re:Following Data Leak, HIV Dating App's Developer by FatLittleMonkey · 2015-12-15 15:52 · Score: 2

"Following Data Leak, HIV Dating App's Developers Threaten Infection"
Does the title even parse?
"Following {an event}, {subject} threatens {an act}." What's the issue?

--
Science is all about firing a drunk pig out of a cannon just to see what happens.
Re:For what purpose? by rhodium_mir · 2015-12-15 15:59 · Score: 2

A dating app is not a covered entity under HIPAA. Covered entities include health plans, health care providers, and health care clearinghouses.

--
You can't spell "oneiromancy" without "roman".
Re:For what purpose? by stephanruby · 2015-12-15 16:00 · Score: 4, Insightful

There's legit whistle blowing, and then there's this... What was the point, to extort and harass ppl. with HIV?
You obviously didn't read their article, their point was to stop the leak. They didn't extort anyone. They just wanted the leak to stop (or at least the web site shut down).

This is a data breach for the sake of a data breach (and boosting the status of a cracker or group's ego - who is "anonymous" anyway, of course, so don't see the point -- ??).
Hackers? You're going a bit far.
This information was getting indexed by at least one commercial search engine. If the information is so easy to access that even a normal search engine has access to it. The web site has done something wrong and the person who found this out is probably not much of a hacker.
But if then, the web site refuses to fix the leak, nor shut down the web site, five days after you've notified them and been in communication with them. Then, there is something seriously wrong with the site. If I had been the person running the site, I would have shut down the web site immediately, period. There is no excuse. If you don't know how to fix it, that's fine, then please just shut down the site. It's better your site is down for a week, than all that data being exposed out there for that same week.
Furthermore since the web site owner is lying about the number of ip addresses having accessed that confidential data, I think they should be sued and shut down permanently by their users (or simply shut down by the authorities). This site provides a valuable service, but if they don't know what they're doing and they're lying when confronted about their mistakes, then someone else should step in and fill that void in the dating marketplace.
Re: Prevent HIV. Don't do as in this haiku. by Anonymous Coward · 2015-12-15 16:34 · Score: 2, Insightful

Hateful bigotry,
You should be ashamed of your
Outdated dogma.
Hzone is run by complete idiots by bsolar · 2015-12-15 23:47 · Score: 2

From the article:

No, we didn’t notify them. If you will not publish them out, nobody else would do that, right? And I believe you will not publish them out, right?"
They assume only DataBreach has the data, which is something they actually don't know for sure. On top of that, they assume that DataBreach will not publish the data or sell it to the black market. I believe they will not, but if you are responsible for personal informations and the data gets into the hands of a third party you cannot just assume the third party will behave the way most convenient for you just because the alternative makes you unconfortable.
Multiple infections by GlobalEcho · 2015-12-16 01:50 · Score: 2

I feel for these people. Not only are they HIV positive, but they are also infected with MongoDB.