- Grindr shared users' HIV status and dates of their most recent tests with two third-party companies, a BuzzFeed News report revealed.
- This data can be linked to users' locations, phone IDs, and email addresses.
- The company has since said it would stop sharing the user information, but defended its previous data-sharing as "industry practice."
The LGBTQ dating app, which has more than 3.6 million daily active users around the world, was recently revealed by BuzzFeed News to have shared the HIV statuses of its users as well as the dates of their most recent tests with two data optimisation companies.
While the two companies, Apptimize and Localytics, were only given limited user information, each user's HIV status and "last tested date" were linked to other personal information including GPS data, phone ID, and email address.
In other words, the companies would be able pinpoint an individual user's identity and location and link them to their HIV status. This could potentially endanger people living in countries or communities where homosexuality is frowned upon or even outlawed.
Grindr announced it would stop sharing users' HIV status hours after BuzzFeed's report published. However, Scott Chen, the company's chief technology officer, defended the company's data-sharing as an "industry standard use of third party partners."
Grindr CTO Scott Chen's blog post, posted on Monday night.Grindr/Tumblr
Chen also insisted that Grindr doesn't sell user information to third parties and that its contractors do not share the user information any further.
But the fact that the user information was now held by at least three separate companies -- Grindr, Apptimize, and Localytics -- made the data more vulnerable to hacks, tech security expert Cooper Quintin told BuzzFeed.
Logging HIV statuses and last tested dates is optional on the app, meaning not every user was exposed through the Apptimize/Localytics contract.
However, Grindr has also shared users' precise GPS position, sexuality, relationship status, ethnicity, and phone ID with other third-party advertising companies, BuzzFeed reported. This data was sometimes shared via "plain text," which can be easily hacked.