Yesterday, “BuzzFeed” broke the news that Grindr, the dating app aimed at gay men, had been selling users’ data to two third-party companies. Among the data sold were users’ HIV status.

Grindr admitted that it sold data to Apptimize and Localytics. (No word on how these companies were using the data.) Grindr users can provide their HIV status and date of their last HIV test in their profile on the app. The two third-party companies would’ve had easily identifiable information because the HIV status data was sent along with “users’ GPS data, phone ID and email.”

Norwegian research nonprofit company SINTEF was the first entity to find the problem.  Though Grinder said that the information sent was encrypted (simply put, made into a code that’s not easily broken), the company also revealed that the data provided from Grindr could be further hacked.

In recent months, Grindr has made more strides related to HIV. The app nows offers ad-targeting to HIV-testing websites, and users can sign up for HIV-test reminders.

Though Grindr announced plans later yesterday to discontinue sharing HIV data with the third-party companies, the damage has already been done. It will be interesting to see if this data breach will affect the app’s number of users in the near future.

Grindr reports 3.6M+ “daily active users” worldwide.