UPDATE: Grindr’s security chief Bryce Case tells Axios that it will no longer share users’ HIV information with third-party vendors. He said that the companies in question—Apptimize and Localytics—helped manage Grindr’s app performance, and he stressed that Grindr isn’t like Facebook, which recently came under fire for sharing data with Cambridge Analytica. More details at the link above.

Grindr, the world’s largest gay dating and hookup app, shares HIV data of its users with two companies, reports BuzzFeed News. And because that HIV data—including status and date last tested—is linked with users’ phone number, email and GPS info, the men could be identified and located.

The two companies in question are Apptimize and Localytics. Both specialize in optimizing apps. “These are standard practices in the mobile app ecosystem,” Grindr chief technology officer Scott Chen told BuzzFeed News in a statement. “No Grindr user information is sold to third parties. We pay these software vendors to utilize their services.”

However, Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News that “even if Grindr has a good contract with the third parties saying they can’t do anything with that info, that’s still another place that that highly sensitive health information is located.” Quintin added, “If somebody with malicious intent wanted to get that information, now instead of there being one place for that—which is Grindr—there are three places for that information to potentially become public.”

Longtime AIDS advocate Peter Staley and the activist group ACT UP responded to the BuzzFeed article with tweets:

James Krellenstein, another AIDS activist told BuzzFeed News: “Grindr is a relatively unique place for openness about HIV status. To then have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety—that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community.”

The Grindr data analysis was conducted by researchers at SINTEF, a Norwegian nonprofit.

In other Grindr news, as of early 2018, the company has been fully owned by Chinese tech company the Kunlun Group, whose executives are taking over operations at Grindr.

Experts in government intelligence operations told The Washington Post that the news was alarming because the Chinese government could now have access to the sensitive data on Grindr. “What you can see from Chinese intelligence practices is a clear effort to collect a lot of personal information on a lot of different people, and to build a database of names that’s potentially useful either for influence or for intelligence,” Peter Mattis, a specialist on government intelligence and a China fellow at the Jamestown Foundation, told the newspaper. “Then later, when the party-state comes into contact with someone in the database, there’s now information to be pulled.”

Last week, Grindr made headlines by launching a feature that can remind users to get tested for HIV every three to six months. That news was mostly met with enthusiasm. For details, click here.