{"id":40508,"date":"2025-08-01T23:36:09","date_gmt":"2025-08-01T23:36:09","guid":{"rendered":"https:\/\/www.newsbeep.com\/ca\/40508\/"},"modified":"2025-08-01T23:36:09","modified_gmt":"2025-08-01T23:36:09","slug":"sex-toy-maker-lovense-threatens-legal-action-after-fixing-security-flaws-that-exposed-users-data","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/ca\/40508\/","title":{"rendered":"Sex toy maker Lovense threatens legal action after fixing security flaws that exposed users’ data"},"content":{"rendered":"

Lovense, a maker of internet-connected sex toys, has confirmed it has fixed a pair of security vulnerabilities<\/a> that exposed users\u2019 private email addresses and allowed attackers to remotely take over any user\u2019s account.<\/p>\n

While the company said the bugs were \u201cfully resolved,\u201d its chief executive is now considering taking legal action following the disclosure.<\/p>\n

In a statement<\/a> shared with TechCrunch, Lovense CEO Dan Liu said the sex toy maker was \u201cinvestigating the possibility of legal action\u201d in response to allegedly erroneous reports about the bug. When asked by TechCrunch, the company did not respond to clarify whether it was referring to media reports or to a security researcher\u2019s disclosure.<\/p>\n

Details of the bug emerged this week after a security researcher, who goes by the handle BobDaHacker, disclosed that they reported the two security bugs<\/a> to the sex toy maker earlier this year. The researcher published their findings after Lovense claimed it would take 14 months to fully address the vulnerabilities rather than applying a \u201cfaster, one-month fix\u201d that would have required alerting users to update their apps.<\/p>\n

Lovense said in its statement, attributed to Liu, that the fixes put in place will require users to update their apps before they can resume using all of the app\u2019s features.<\/p>\n

In the statement, Liu claimed that there is \u201cno evidence suggesting that any user data, including email addresses or account information, has been compromised or misused.\u201d It\u2019s not clear how Lovense came to this conclusion, given TechCrunch (and other outlets<\/a>) verified the email disclosure bug by setting up a new account and asking the researcher to identify the associated email address.<\/p>\n

TechCrunch asked Lovense what technical means, such as logs, the company has to determine if there was any compromise of users\u2019 data, but a spokesperson did not respond.<\/p>\n

It\u2019s not unheard of for organizations to resort to legal demands and threats to try to block the disclosure of embarrassing security incidents, despite few rules or restrictions in the U.S. prohibiting such reporting.<\/p>\n

Earlier this year, a U.S. independent journalist rebuffed a legal threat<\/a> from a U.K. court injunction for accurately reporting a ransomware attack on U.K. private healthcare giant HCRG. In 2023, a county official in Hillsborough County, Florida, threatened criminal charges against a security researcher<\/a> under the state\u2019s computer hacking laws for identifying and privately disclosing a security flaw in the county\u2019s court records system that exposed access to sensitive filings.<\/p>\n","protected":false},"excerpt":{"rendered":"Lovense, a maker of internet-connected sex toys, has confirmed it has fixed a pair of security vulnerabilities that…\n","protected":false},"author":2,"featured_media":40509,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[49,48,283,29116,15913,29117,5545,26632,61],"class_list":{"0":"post-40508","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-ca","9":"tag-canada","10":"tag-cybersecurity","11":"tag-data-protection","12":"tag-hardware","13":"tag-lovense","14":"tag-privacy","15":"tag-sex-toys","16":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts\/40508","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/comments?post=40508"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts\/40508\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/media\/40509"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/media?parent=40508"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/categories?post=40508"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/tags?post=40508"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}