This famous sextoys manufacturer leaves the contact details of its customers at the sight of all

A security researcher easily recovered the email addresses of tens of millions. Nevertheless, of customers from a famous sextoys manufacturer. Meanwhile, Worse still: this fault allows you to fully take control of their account.

We don’t necessarily want the whole world to know our little secrets … However, Even less when these secrets concern rather naughty toys that we keep in a well -closed drawer! Meanwhile, This kind of information, we generally prefer to leave it where it should be: in privacy. Similarly, Because if some connected objects run heads and vibrate the hearts, these are rather done for something else … Nevertheless, But now many users see their depths exposed to the light! Moreover, Lovense, the famous connected sex toy manufacturer, finds himself victim of a massive data leak. Moreover, Customers can tremble!

Lovense leak: in this famous sextoys manufacturer leaves danger accounts

Several months ago. Nevertheless, a cybersecurity researcher called Bobdahacker informed Lovense of the existence of two major security flaws in the API of his mobile application. Furthermore, As he explains In a blog articlethese faults allow hackers not only to steal the email addresses of other users. but also to hack their accounts. In total, more than 20 million customers would be affected.

The manipulation to do to seize this data is rather simple and extremely quick to do. While examining the application API, the researcher simply mooded another user. The corresponding email address then appeared in the API response. “The whole process took approximately 30 seconds by username manually. Thanks to the script (computer program. editor’s note) that we created to automate it, the conversion of a username to email address has taken less than a second”he explains.

This is particularly dangerous for cam models – people who film themselves via a webcam. often on adult platforms, to interact with an audience, generally against remuneration – which publicly share their pseudonyms but want to preserve their anonymity. Worse. with this simple email address, it is possible to create authentication tokens to access a Lovense account without password, and thus take control.

Lovense leak: an already old vulnerability

Bobdahacker reported the two flaws in Lovense. who assured him to work on a corrective in March 2025. The company then claimed to have corrected the vulnerability to take control in April. but the researcher disputes this version of the facts. She then told him that “We have launched a long -term correction plan which will take about 10 months. and at least an additional 4 months will be necessary to implement a complete this famous sextoys manufacturer leaves solution”, And this, on the grounds that a faster solution would disrupt the management of the old versions of the application. The cold shower! This is why the researcher finally decided to make this affair public.

Especially since another researcher. calling herself Krissy, had already discovered this vulnerability in September 2023 and had also reported it to Lovense, who allegedly claimed to have corrected him. Since then. the manufacturer has said to Techcrunch that they have solved the two problems: the takeover bug would be fully resolved and the other flaw should be corrected in an update that should be deployed to all users next week. Hopefully this time it is true!

This is not the first time that Lovense has had to manage security scandals. In 2017. users had discovered that the Android Lovense application recorded private audio sessions without their knowledge, which the brand this famous sextoys manufacturer leaves had described as “minor software bug” before deploying a fix.