Following a blog post by a security researcher earlier this week highlighting how Lovense users’ private email addresses could potentially be exposed, these vulnerabilities have now been fixed by Lovense. However, it is not yet known how many email addresses may have been compromised.
The researcher, who uses the name BobDaHacker, published a detailed article on Monday after Lovense suggested it would take 14 months to fix the problems. The issue wasn’t that addresses were visible to other app users, but that if a user was utilising a network analysis tool and interacted with another user, they could see that other person’s email address. BobDaHacker noted that this would particularly impact cam models, who have public usernames but (understandably) private details.
BobDaHacker also identified a further vulnerability that would allow Lovense users’ accounts to be taken over via the email address.
The bugs were disclosed to Lovense in March by BobDaHacker via a project called the Internet of Dongs which aims to improve privacy and security surrounding online sex toys. However, after three months with no apparent fix, BobDaHacker went public with his findings.
Lovense has now fixed both issues. For anyone concerned that their data may have been compromised, Vice has published a series of practical tips that may help.
(Picture credit: Rami Al-zayat/Unsplash)
