Major ‘sex toy leak' reveals shoppers who bought them and even ‘personal emails' as company scrambles to fix bug
Lovense, which makes internet-connected sex toys, reportedly left user emails exposed for months without fixing the cybersecurity flaw.
2
Lovense is a Singapore-based sex tech company
Credit: Shutterstock Editorial
2
The Lovense platform is connected to the company's sex toy products, which can be controlled from afar via the app
Credit: Lovense
In
All it took to expose someone's email address, according to the researcher, was to mute someone's account.
BobDaHacker told Lovense about the vulnerability in March.
However, they claim the company waited months before fixing it, and still hasn't fully addressed the issue.
READ MORE ON APPS
The Lovense platform is connected to the company's sex toy products, which can be controlled from afar via the app.
The app is also used to "find like-minded thrill seekers", according to the company, and came under
fire in 2017 for a "minor bug" that
recorded users' sex sessions
.
BobDaHacker says they have developed a script that can convert someone's username into an email address in less than a second.
'This is especially bad for cam models who share their usernames publicly but obviously don't want their personal emails exposed,' BobDaHacker writes in their post.
Most read in Tech
A user's email address, combined with an authentication token generated by Lovense and captured by a hacker, is enough to take over a user's account.
The account takeover bug was fixed in April, according to Lovense.
Save money over summer on TV, games and even FOOD with app tricks
Although BobDaHacker disputes this, and says that a fix for the email leak issue would take 14 months to roll out.
'We also evaluated a faster, one-month fix," Lovense said, according to BobDaHacker.
"However, it would require forcing all users to upgrade immediately, which would disrupt support for legacy versions."
Other security researchers reported the same account takeover bug to Lovense in 2023, according to BobDaHacker.
But
In a statement to
'The full update is expected to be pushed to all users within the next week,' Lovense says.
'Once all users have updated to the new version and we disable older versions, this issue will be completely resolved.'
The Sun has contacted Lovense for comment.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Agriland
9 hours ago
- Agriland
Carbery Teams Up with European Agency to Trial New Methane Reducing Tech
Carbery has teamed up with the European climate innovation agency, Climate KIC, to trial "next-generation methane-reducing technologies" on 10 additional dairy farms in west Co. Cork. The research project has secured financial backing of €700,000 and will see the 10 farms trial new technologies, such as a treatment for improving manure management and satellite technology to map biodiversity and expand the research which is already underway as part of the Farm Zero C initiative. The Carbery group, together with BiOrbic, are among the key partners in the Farm Zero C project which aims to "create a climate-neutral, economically-viable dairy farm". The working farm acts a "living lab" for not just researchers but also farmer and policy makers. It has already trialed a number of innovations including carbon sequestration, renewable energy, low-emission slurry spreading, feed additives, regenerative agriculture, and improved herd and nutrient management. According to Enda Buckley, director of sustainability for Carbery, Farm Zero C, demonstrates that cutting emissions and maintaining profitability "can go hand-in-hand". Buckley also believes that Carbery 's FutureProof sustainability bonus - where farmers are paid a premium to "implement certain sustainability initiatives" "on their farms - also provides firsthand proof of what works. He said the new trial will give the group the opportunity "to bring these practical solutions to more farmers, faster.' According to Carbery, the project with Climate KIC will prioritise 'ready now' innovations, to reduce methane emissions rapidly "while retaining profitability". These technologies will be selected by Carbery and participating farmers and will include the Galway-based, Glasport's Bio's Slurry Abate system which "reduces methane, hydrogen sulphide, ammonia and other gaseous emissions". The first year of the new Carbery, Climate KIC project will focus on trialling technologies, "building collaboration with the first 10 farmers", collecting baseline data, and developing viable financial and narrative models. In year two, the project will be scaled, and a second farmer cohort added. According to John O'Donoghue, who is participating in the new trial, farmers have already seen "what works on one farm, as part of Farm Zero C". "This project is about taking what has been tested on one farm, and bringing it to more of them. "We will see then what works practically and what will actually make a difference to the average farmer," he added. Separately, Carbery's Farm Zero C and Climate KIC's Deep Demonstration programmes are also looking at funding models and financial supports to make methane-reduction technologies more affordable for farmers.
The Irish Sun
3 days ago
- The Irish Sun
Major ‘sex toy leak' reveals shoppers who bought them and even ‘personal emails' as company scrambles to fix bug
SHOPPERS have had their cheeky purchases leaked, and possibly their accounts hacked, following the breach of a popular sex toy app. Lovense, which makes internet-connected sex toys, reportedly left user emails exposed for months without fixing the cybersecurity flaw. 2 Lovense is a Singapore-based sex tech company Credit: Shutterstock Editorial 2 The Lovense platform is connected to the company's sex toy products, which can be controlled from afar via the app Credit: Lovense In All it took to expose someone's email address, according to the researcher, was to mute someone's account. BobDaHacker told Lovense about the vulnerability in March. However, they claim the company waited months before fixing it, and still hasn't fully addressed the issue. READ MORE ON APPS The Lovense platform is connected to the company's sex toy products, which can be controlled from afar via the app. The app is also used to "find like-minded thrill seekers", according to the company, and came under fire in 2017 for a "minor bug" that recorded users' sex sessions . BobDaHacker says they have developed a script that can convert someone's username into an email address in less than a second. 'This is especially bad for cam models who share their usernames publicly but obviously don't want their personal emails exposed,' BobDaHacker writes in their post. Most read in Tech A user's email address, combined with an authentication token generated by Lovense and captured by a hacker, is enough to take over a user's account. The account takeover bug was fixed in April, according to Lovense. Save money over summer on TV, games and even FOOD with app tricks Although BobDaHacker disputes this, and says that a fix for the email leak issue would take 14 months to roll out. 'We also evaluated a faster, one-month fix," Lovense said, according to BobDaHacker. "However, it would require forcing all users to upgrade immediately, which would disrupt support for legacy versions." Other security researchers reported the same account takeover bug to Lovense in 2023, according to BobDaHacker. But In a statement to 'The full update is expected to be pushed to all users within the next week,' Lovense says. 'Once all users have updated to the new version and we disable older versions, this issue will be completely resolved.' The Sun has contacted Lovense for comment.
Irish Examiner
3 days ago
- Irish Examiner
Paradyn predicts revenues from ManageEngine partnership to pass €1.6m
Cork-based services and cybersecurity provider Paradyn is forecasting revenues of over €1.6m in 2025 stemming from its partnership with enterprise IT management solution provider ManageEngine. ManageEngine is a global provider of IT management solutions. Last year, the partnership saw ManageEngine solutions deployed to more than 50,000 users across 40 public sector organisations and government agencies, with services like cybersecurity, regulatory compliance, and operational efficiency. The partnership brought revenues of €800,000 in 2024 and this is now expected to grow by 40%. Some of the users of the services include ESB, Teagasc, National Concert Hall, Dun Laoghaire County Council, Cork County Council, and Kildare County Council. 'Our partnership with ManageEngine allows us to deliver best-in-class IT management and cybersecurity solutions tailored to the public sector. As public services continue to digitalise, the need for reliable, secure, and cost-effective infrastructure becomes paramount," said Paradyn head of sales for managed services, Grace McCauley. ManageEngine is the IT management division of Zoho Corporation.
