Popular gay hookup app Grindr, which has over 3.6 million daily active users worldwide, is under the scanner for sharing its users’ HIV status with two other companies. According to a recent report from BuzzFeed News, Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF, has identified that Grindr shares its users’ location and HIV status with Apptimize and Localytics.

Apptimize and Localytics are companies which help optimize apps, and in this case, received information that Grindr users had included in their profiles. The information included their HIV status and their “last tested date”. Pultier was quoted by BuzzFeed News as saying:

“The HIV status is linked to all the other information. That’s the main issue. I think this is the incompetence of some developers that just send everything, including HIV status.”

SINTEF’s analysis also revealed that Grindr was also sharing its users’ location, “tribe”, sexuality, relationship status, ethnicity, and phone ID to other third-party advertising companies. It’s worth noting that this information, unlike the HIV data, was shared via “plain text”, which can be easily hacked.

Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News:

“It allows anybody who is running the network or who can monitor the network – such as a hacker or a criminal with a little bit of tech knowledge, or your ISP or your government – to see what your location is…When you combine this with an app like Grindr that is primarily aimed at people who may be at risk – especially depending on the country they live in or depending on how homophobic the local populace is – this is an especially bad practice that can put their user safety at risk”.

In response, Grindr told BuzzFeed News that the services they receive from Apptimize and Localytics help them make the app better. In a statement regarding the matter, Grindr’s CTO Scott Chen was quoted saying:

“Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem…No Grindr user information is sold to third parties. We pay these software vendors to utilize their services…The limited information shared with these platforms is done under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy.”

Grindr’s Chief Security Officer Bryce Case has since revealed that the company will stop sharing data with the two companies when the app’s next update is released. However, he defended Grindr’s decision to share the data and argued that Apptimize and Localytics were just tools to help the app function better. He even added that the information was being “conflated with Cambridge Analytica” and the company did not sell the user data to any third-parties.