HIV Dating Company Accuses Researchers of Hacking Database (csoonline.com)

← Back to Stories (view on slashdot.org)

HIV Dating Company Accuses Researchers of Hacking Database (csoonline.com)

Posted by timothy on Tuesday December 22, 2015 @02:25AM from the data-is-everywhere dept.

itwbennett writes: Slashdot readers will recall the story posted last week about the misconfiguration of the MongoDB database that powers Hzone, a dating app for the HIV-positive, and the ensuing threat of HIV infection the company hurled at DataBreaches.net, who sent the notification. (Hzone later apologized.) But that's not the end of the story. Among other twists and turns that point to a CEO who was in way over his head, in several emails to Dissent, the admin of DataBreaches.net, Hzone CEO Justin Robert accused Dissent of changing the Hzone user database. But follow-up emails suggest that the company couldn't tell what was accessed or when, as Robert says Hzone doesn't have 'a strong tech team to maintain the site.'

9 of 71 comments (clear)

Min score:

Reason:

Sort:

That's a first by Anonymous Coward · 2015-12-22 02:36 · Score: 3, Informative

I know this warning is unnecessary here, but do not follow the second link in the summary (same as the one under the title). This is the first time a /. summary has been better written than the source article.
What content there was to be found between the typos and grammar errors indicated that the immunocompromised dating site owners are incompetent, sue happy, and really bad liars. (A fairly common combination, so nothing unusual there.)
Normal by nospam007 · 2015-12-22 02:47 · Score: 2

"...point to a CEO who was in way over his head,"
Aren't they all, these days?
1. Re:Normal by jellomizer · 2015-12-22 03:30 · Score: 3, Insightful
  
  Well with IT security nowadays it is very hard for a small focused business to survive in today's market.
  Back in the 1980's and 1990's we had a slew of applications created by non-developers due to easy to learn languages such as Basic/Visual Basic, FoxPro, DBase, Access, etc... Being that these applications ran on a local network via file shares, with a more or less trusted group of employees. Security was never a concern. So the small company can make a custom app with a very small investment and allow them to be agile to adjust their business processes.
  However now with hackers who will blindly attack any system that is vulnerable, or worse the hackers who think they have a mission to expose the bad people in the world. Means you need staff that are specialized in IT security. To keep their data safe, and be able to track and report on vulnerabilities.
  This is like forcing a Mom and Pop candy shop to have armed guards on the payroll just in case someone breaks in and steals the candy, and exposes all the candy customers in the store. As to shame them for being the cause of obesity in the world.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
2. Re:Normal by unencode200x · 2015-12-22 03:37 · Score: 2
  
  This is a huge point. The company and therefore the CEO are responsible for their customers' very sensitive information. Saying that they don't have a strong IT team is like a bank saying they don't have a safe. What the hell? Of all places you would think a website that knows you have a highly stigmatic disease would get this and spend appropriately even if it meant charging their clients more. I'm guessing those clients would have been happy to do so.
  
  --
  
  Chance favors the prepared mind.
  Perfect is the enemy of good.
3. Re:Normal by gstoddart · 2015-12-22 03:52 · Score: 2
  
  The company and therefore the CEO are responsible for their customers' very sensitive information.
  Show me the case law which says that.
  Time and time again companies are utterly inept at security, get hacked, and basically say "gee, we'd like to say we're sorry but we're not really, and since we're not liable we don't care".
  CEOs are, in my opinion, largely responsible for being greedy assholes doing PR and sales ... and they don't think they have any such responsibility as protecting your data. At the small company level, a CEO is a self appointed title by some schmuck who thinks he's got a winning business idea. My guess is this is more of the same.
  Make companies and CEOs actually responsible for such stuff, and something might happen. Right now corporations can be utterly incompetent, and they have no liability at all.
  If your'e expecting some kind of 'moral' responsibility, good luck with that.
  So, some guy has an idea for a website, does a shitty job of building and securing it, and gets hacked. Do you really think the CEO is losing any sleep?
  
  --
  Lost at C:>. Found at C.
His name isn't Justin Robert, it's Mao JianQiang by TechFurryFox · 2015-12-22 03:06 · Score: 5, Interesting

I performed a reverse on the domains when the original controversy set out. This guy isn't HIV positive, he's just a guy in China trying to make a buck off others. He also has an app called SugarD and there are many other domains he has registered in an attempt to have a successful business. The company is pretty much run by him and whatever support he may have hired, which is the reason hzoneapp doesn't have a solid technical team. Check out the self published prweb for hzone, he calls himself "Justin M, CEO." Looks like you made a slip up there with keeping your name consistent Mr. JianQiang.
Re:His name isn't Justin Robert, it's Mao JianQian by TechFurryFox · 2015-12-22 03:13 · Score: 4, Informative

Just to give everyone the FYI, Mr. JianQiang also has the following domains: tophivdatingsites lesbiandatingonline singleparentdatingonline singleparentfish pozty - alas to hzoneapp ubaliaoyn - some chinese site xoiiixaab - some chinesesite He stopped the other site projects when he scored with hzone. He's not a single parent, he's not lesbian(well he may like women) and he's certainly not POZ. He's just a Chinese man screwing everyone over with this charade. So Mr. JianQiang, drop the act.
Re:"Researchers" by dissy · 2015-12-22 04:51 · Score: 2

You are a researcher if you buy the software, install it, and then see what you can do. If you try to get into a system belonging to someone else, you are a fucking criminal.
You are aware the researcher simply saw a "HIV dating site database dump.zip" up on bittorrent and decided to inform the site owner that he may want to check that shit out to see if it is theirs and if so maybe fix their site up, right?
If I found something of yours across town in the middle of the street, that you put your own name and address on, why am I a criminal for returning it to you or informing you where I found it, if I am not the one that took it and put it there?
Re:Systematic attack by KGIII · 2015-12-22 14:24 · Score: 2

I think this thread might actually be the worst analogy thread ever. The sad truth of this is, the "researcher" didn't even *do* the "research* but found their database on a torrent site and informed them because he feared it might belong to them.
So it's like you're trying to make an analogy about a guy who isn't actually the guy who did it and cars, doors, shop keepers, candy stores, and condoms!
Worst Analogy Thread Ever!

--
"So long and thanks for all the fish."