The GLP aggregated and excerpted this blog/article to reflect the diversity of news, opinion and analysis.
The leaks, which were both repaired, are believed to have left the personal information of Hzone and iFit users vulnerable since at least late November and last week, respectively, according to the cybersecurity blog DataBreaches.net, which first reported them.
These two leaks together affect far fewer people than another data breach affecting 13 million users of the software MacKeeper, a breach reported the same day and discovered by the same “white hat” security researcher Chris Vickery. But the health app leaks are significant because they contained, in some cases, unusually sensitive and personal information. They also underscore how many health apps do not have to comply with federal patient privacy laws — even if they collect personal information — if they do not share that information with doctors and others bound by those same privacy laws.
Vickery told BuzzFeed News that he discovered the leaks by looking through Shodan, a search engine that indexes pretty much anything connected to the internet. After he found databases for iFit and Hzone and realized they shouldn’t be public, he brought them to the attention of DataBreaches.net.
Read full, original post: A HIV‐Positive Dating App Leaked 5,000 Users’ Data