Lovense, a popular and creative manufacturer of sex toys, is hitting the mainstream. The social media platform has recently come under fire because of security vulnerabilities that have jeopardized users’ personal data. On Tuesday, the firm made the announcement that it is considering moving forward with a lawsuit. This follows on news that lost a widespread bug discovered by the security researcher widely known as BobDaHacker.
Earlier this year, I was making waves with some even bigger security bugs over at Lovense. After the disclosure, Lovense realized it would take more than 14 months to complete remediation of these vulnerabilities. The motor carrier came up with a faster fix. The downside of this option, though, is that it forces users to update their apps within 30 days to minimize risk.
Lovense’s CEO, Dan Liu, called user safety “paramount,” in a statement provided to The Register. He assured users that there was “no evidence suggesting that any user data, including email addresses or account information, has been compromised or misused.” Despite this assurance, the company is moving forward with legal considerations as they navigate the fallout from the reported bugs.
Lovense has poorly communicated with users that they are required to update the app. This is necessary to truly unlock all functionality once you make the fixes public. This announcement speaks to the company’s new focus on user security and transparency.
TechCrunch and other major cybersecurity media immediately acted to independently validate the email disclosure bug. They made new accounts and challenged BobDaHacker to find out what the email addresses were. Zack Whittaker, TechCrunch’s security editor, played a key role in verifying these findings, which further highlights the vulnerabilities present in Lovense’s systems.
2023 saw even more alarming trends in how some companies are onboarding security researchers. The Hillsborough County, Florida, chief information security officer issued an alarming threat to a security researcher. This occurred after the researcher found and privately disclosed a major security vulnerability in the county’s court records system—invoking state computer hacking law protections. These incidents set a dangerous precedent for how corporations would act during an embarrassing, potentially career-ending security breach.
Lovense has recently come under fire for allegations of unethical practices. Others allege that the company attempted to nuzzle the disclosure of security incidents. Now Lovense is working to repair these vulnerabilities to avert future occurrence. High on their list of goals should be user safety and regaining the long-lost trust of their users.
