Security researchers who discovered a vulnerability in an HIV dating app were threatened with HIV infection by its developer
Websites and applications around the world encourage researchers to point out vulnerabilities in their systems. However, the company behind a commercial online dating app for HIV-positive users answered the security researchers who notified it of a security vulnerability in the program with a threat of HIV infection.
Hzone: a dating application exclusively for HIV-positive users
Hzone is a dating application designed for HIV-positive singles. It currently has over 4900 users. Security researcher Chris Vickery found a vulnerability in the software that leaked user data. He reported the vulnerability to the developers, but they did not respond. Chris Vickery immediately notified DataBreaches.net. As a result, the DataBreaches.net administrator received a threat of HIV infection after running the application.
"Why are you doing this? What is your purpose? We are just a company that provides dating services to AIDS users. If you want our money, you will be disappointed. And your illegal and stupid behavior will be retaliated by all of us! I think you and your family don't want to get HIV from us, do you? If you want to do this, please wait!"
This is an excerpt from the email that the DataBreaches.net administrator received after confirming the security problem.
Although Hzone later apologized and said it would fix the vulnerability, it subsequently sued Vickery and DataBreaches.net for changing the information, and the company did not know how to protect its user data.
The developer said that the data could only be accessed from a single IP address, but Vickery had accessed the data from multiple IP addresses. This is a problem!
Although the data leak was finally fixed, I have to say it was a silly email conversation.
Permanent data storage?
Hzone has other problems as well. For example, once a configuration file is created, the data in the file cannot be deleted, even if the application is no longer used. Therefore, if the program's data is one day exposed through a vulnerability, the information of people who no longer use the application will be easily exposed too. In addition, Hzone has not yet notified users of the vulnerability.
So this kind of software should not be used for dead downloads, and developers will be amazing.