Stephanie M. Lee, BuzzFeed:
The leaks, which were both repaired as of Monday, are believed to have left the personal information of Hzone and iFit users vulnerable since at least late November and last week, respectively, according to the cybersecurity blog DataBreaches.net, which first reported them. […]
In the case of Hzone, such information included names, email addresses, birthdays, relationship statuses, number of children, sexual orientation, sexual experiences, and messages like this, according to DataBreaches.net: “Hi. I was diagnosed 3 years ago now. CD4 and Viral Load is relatively good. I’m therefore not on Meds yet. My 6-monthly blood tests are due in June. Planning to go in meds. I’m worried about the side effects. What kinds of side effect have you experienced? Xx.” As many as 5,000 users appeared in the breach.
That’s not as many affected users as the 13 million exposed by MacKeeper, but the information collected by Hzone and iFit is far more sensitive and personal. It’s unconscionable that these apps are practically unregulated; even if they were subject to HIPAA requirements, that law largely protects information subject to doctor-patient confidentiality, not medical information itself.