A Lovense security flaw may be letting people take over accounts without a password
Lovense, a sex toy company, is facing security flaws that allow account takeovers without a password and disclose users' email addresses, according to a security researcher. The researcher, BobDaHacker, reported the issues to Lovense in 2023, but the company has not fully addressed them. The account takeover bug allows anyone to generate authentication tokens and access accounts, including admin accounts, without a password. The email disclosure flaw allows the researcher to obtain the email address associated with any public username in less than a second. Lovense has acknowledged the issues, stating that fixing the email disclosure flaw could take up to 14 months. This is not the first time Lovense has faced privacy concerns: a previous incident in 2017 revealed that the app was recording audio without user consent.
Note: This is an AI-generated summary of the original article. For the full story, please visit the source link below.