Lovense was told its sex toy app leaked users’ emails and didn’t fix it

Here is a 194-word summary of the news article: Lovense, a company that makes internet-connected sex toys, was made aware of a vulnerability in its app that exposed users' email addresses. Security researcher BobDaHacker discovered that they could easily obtain a user's email address by exploiting a flaw in the app's API. This could allow bad actors to take over users' accounts, which was especially concerning for cam models who share their usernames publicly. BobDaHacker initially reported the vulnerabilities to Lovense in March, but the company did not immediately fix the issues. Lovense claimed that one bug was fixed in April, and that a fix for the email leak would take 14 months to implement, citing the need to avoid disrupting support for older app versions. Researchers later reported the same account takeover bug to Lovense in 2023, but the company appears to have closed the bug without fully resolving it. Lovense has now submitted an app update to address the latest vulnerabilities, which it expects to push to all users within a week. The company says the issue will be completely resolved once all users have updated and older app versions are disabled.