Lovense adult toy app leaks private user email addresses - what we know, and how to stay safe if you're affected

• Researchers found a way to extract email addresses from Lovense user accounts
• A mitigation was released, but allegedly it's not working as intended
• The company claims it still needs months before plugging the leak

Lovense, a sex tech company specializing in smart, remotely controlled adult toys, had a vulnerability in its systems which could allow threat actors to view people’s private email addresses.

All they needed was that person’s username and apparently - these things are relatively easy to come by.

Recently, security researchers under the alias BobDaHacker, Eva, Rebane, discovered that if they knew someone’s username (maybe they saw it on a forum or during a cam show), they could log into their own Lovense account (which doesn’t need to be anything special, a regular user account will suffice), and use a script to turn the username into a ...