A dating app for people living with HIV has been leaking the personal information of around 5,000 users, according to security researchers.
A researcher from the website DataBreaches discovered that dating app HZone had accidentally released the personal data of 5,027 users, including their names, date of birth and email addresses.
Given the nature of the dating app, the researcher who first spotted the leak, Chris Vickery claimed it could lead to a number of damaging consequences, including “identity theft, extortion demands, or embarrassment”.
Speaking about what was found in the leak, Vickery said: “The personal information included date of birth, religion, relationship status, country, email address, ethnicity, height, last login IP address, username, orientation, number of children, and password hash.
“Users can also enter their nicknames, share their political views and sexual life experiences, and post their photo in their profile.”
The site also reported seeing a personal message posted by a member of the app, which contained some very personal information.
The message read: “Hi. I was diagnosed 3 years ago now. CD4 and Viral Load is relatively good. I’m therefore not on Meds yet. My 6-monthly blood tests are due in June.
“Planning to go in meds. I’m worried about the side effects. What kinds of side effect have you experienced? Xx.”
The leak is thought to have occurred in November, at a time when the app’s database was allegedly left insecure.
On Monday, the security issues were repaired, and the app is now safe to use.