
7:55 AM PDT · August 1, 2025
Lovense, a maker of internet-connected sex toys, has confirmed it has fixed a pair of security vulnerabilities that exposed users’ private email addresses and allowed attackers to remotely take over any user’s account.
While the company said the bugs were “fully resolved,” its chief executive is now considering taking legal action following the disclosure.
In a statement shared with TechCrunch, Lovense CEO Dan Liu said the sex toy maker was “investigating the possibility of legal action” in response to allegedly erroneous reports about the bug. When asked by TechCrunch, the company did not respond to clarify whether it was referring to media reports or a security researcher’s disclosure.
Details of the bug emerged this week after a security researcher, who goes by the handle BobDaHacker, disclosed that they reported the two security bugs to the sex toy maker earlier this year. The researcher published their findings after Lovense claimed it would take 14 months to fully address the vulnerabilities rather than applying a “faster, one-month fix” that would have required alerting users to update their apps.
Lovense said in its statement, attributed to Liu, that the fixes put in place will require users to update their apps before they can resume using all of the app’s features.
In the statement, Liu claimed that there is “no evidence suggesting that any user data, including email addresses or account information, has been compromised or misused.” It’s not clear how Lovense came to this conclusion, given TechCrunch (and other outlets) verified the email disclosure bug by setting up a new account and asking the researcher to identify the associated email address.
TechCrunch asked Lovense what technical means, such as logs, the company has to determine if there was any compromise of users’ data, but a spokesperson did not respond.
It’s not unheard of for organizations to resort to legal demands and threats to try to block the disclosure of embarrassing security incidents, despite few rules or restrictions in the U.S. prohibiting such reporting.
Earlier this year, a U.S. independent journalist rebuffed a legal threat from a U.K. court injunction for accurately reporting a ransomware attack on U.K. private healthcare giant HCRG. In 2023, a county official in Hillsborough County, Florida, threatened criminal charges against a security researcher under the state’s computer hacking laws for identifying and privately disclosing a security flaw in the county’s court records system that exposed access to sensitive filings.
Zack Whittaker is the security editor at TechCrunch. He can be reached via encrypted message at zackwhittaker.1337 on Signal, or by email at zack.whittaker@techcrunch.com.