A dating app aimed for people with HIV said it was hacked and the data of nearly 5,000 users was allegedly leaked by mistake, the U.K. newspaper the Mirror reports.
Security researchers from the website DataBreaches.net say HZone accidentally leaked the names, date of birth, email address and other personal information of 4,926 people, who may be HIV-positive. One of the researchers who said they spotted the data leak claimed the breach could lead to "identity theft, extortion demands or embarrassment."
The Mirror reports the website claimed it saw a large amount of information about HZone users, which was allegedly made accessible in November, when the app's database was left unsecure and accessible.
"The personal information included date of birth, religion, relationship status, country, email address, ethnicity, height, last login IP address, username, orientation, number of children, and password hash," <link|http: www.databreaches.net="" two-apps-with-health-info-found-leaking-researcher-part-2-hzone="" |="">DataBreaches said>. "Users can also enter their nicknames, share their political views and sexual life experiences, and post their photo in their profile."
In a statement posted to HZone's website, app officials commented on the breach, saying they want to "leave the database hack behind."
"Hzone's information database was temporarily exposed to hackers, during a server optimization process," the statement reads. "The breach was identified and neutralized quickly, and Hzone is now secured for the future."
Read the full statement below:
As a growing technology firm, we are always on the lookout of opportunities to optimize our data servers, to be able to deliver better services to all our stakeholders. During one such transition activity, our database was exposed to a group of hackers, who were able to momentarily access our servers. However, the breach was identified very swiftly, and strong security measures were put in place to secure the servers and databases immediately.
We are thankful to Databreaches.com for reporting this database hack attempt. Our database security experts worked tirelessly for a week at a stretch to ensure that all data leakage points were plugged and secured for the future.
Our systems have captured vital data pertaining to the group involved in the condemnable act of hacking into our databases. We firmly believe that any attempt to steal any sort of information is a despicable and immoral act, and reserve the right to sue the involved parties in all relevant courts of law. Our IT team is working on documenting evidence relevant to all steps of the security breach attempt made by the hackers.
Also, our data security experts are working day and night to ramp up to deploy to the most stringent security mechanisms and protocols to ensure that such no unauthorized access can be made to our databases. We've tightened out monitoring practices to ensure that any future attempts to hack into the Hzone databases will be detected at the earliest, and will be subsequently foiled.
We are eager to leaving this untowardly incident behind us and pursue our goal of bringing the positivity of love and friendship to the lives of HIV positive individuals worldwide. Nevertheless, we do realize that our information databases are repositories of sensitive information related to all our clients and partners.
That's enough reasons for us to issue an apology to all our website members, along with the promise that their experience at Hzone will never be compromised in terms of safety and security of data. We take this opportunity to call out [to] all members of the HIV positive fraternity, and all those who empathize with them, to be strong and keep the trust going. That's the only way we can send out a strong message of strength and resilience to all the data thieves and hackers of the world.