Sex toy maker Lovense threatens legal action after fixing security flaws that exposed users’ data

Lovense, a manufacturer of internet-connected sex toys, recently addressed security vulnerabilities that exposed users’ private email addresses and allowed remote account takeovers. The company confirmed that these bugs have been fully resolved and now requires users to update their apps to regain full functionality. However, Lovense CEO Dan Liu is reportedly considering legal action in response to what he described as erroneous reports about the security flaws, though it remains unclear whether this refers to media coverage or the security researcher’s disclosure. The security issues were initially revealed by a researcher known as BobDaHacker, who disclosed the vulnerabilities after Lovense indicated it would take 14 months to fully fix them instead of implementing a quicker, one-month fix that would have required notifying users. Despite Lovense’s claim that there is no evidence of data compromise or misuse, TechCrunch independently verified the email exposure bug, raising questions about the company’s assessment. Lovense has not clarified what technical evidence it has to support its claim of no data compromise. The situation highlights