Summary Points
- Data Leak Vulnerability: Lovense is leaking user email addresses and allowing account takeovers without passwords due to a serious security flaw, as reported by ethical hacker BobDaHacker.
- Exploit Discovery: The vulnerability enables anyone to convert usernames into email addresses through Lovense’s API, compromising user privacy, especially for cam models on the platform.
- Inadequate Response: Despite being reported in March 2025, Lovense claimed the issue was fixed, which BobDaHacker contested, revealing that patches were not implemented until 2025.
- History of Privacy Issues: This incident follows a 2017 event where the Lovense app recorded audio without consent, highlighting ongoing concerns about user privacy and security.
A serious security flaw haunts Lovense, the sex toy company known for its app-controlled devices. Recent findings reveal that users’ email addresses might leak, allowing unauthorized account access without a password.
According to a security researcher, this vulnerability enables anyone to transform a public username into an email address swiftly. The hacker, operating under the name BobDaHacker, discovered the flaw after encountering issues while using the app. They accessed Lovense’s API and ran a script, revealing the email addresses linked to various usernames in mere seconds.
This issue poses significant risks for users, particularly cam models who rely on the platform for their work. The possibility of account takeovers threatens personal privacy and financial stability. Furthermore, authentication tokens can be created with just an email address, with no password required. This exploit works across multiple Lovense platforms, including the Chrome Extension and associated apps.
Despite reporting these vulnerabilities to Lovense in March 2025, the researcher says the company has failed to address them promptly. Lovense initially claimed to have patched the account takeover vulnerability in June. However, BobDaHacker insists that the flaw remains unresolved.
Lovense acknowledged the email disclosure issue, stating that a complete fix could take up to 14 months. They argued that a quicker resolution would disrupt support for older app versions.
This isn’t the first time Lovense has faced scrutiny over user privacy. A 2017 incident revealed that the app recorded audio without consent, causing distress among users. Though the company addressed that bug, trust issues linger, reminding users of the importance of data security in tech.
As smart cities and urban innovation continue to evolve, ensuring user data protection becomes paramount. Companies like Lovense must prioritize security, as the implications of such flaws extend beyond individual users, impacting the broader community. Enhanced security measures can foster trust and encourage further technological advancements. Ultimately, safeguarding user information remains critical as we navigate an increasingly interconnected world.