The Indian Express reports:
A cybersecurity researcher has identified critical vulnerabilities in an app developed by sex toy manufacturer Lovense that not only exposed the private email addresses of users but also enabled threat actors to hijack a user’s account on the platform.
The anonymous researcher published their findings about the two in-app security flaws on Monday, July 28, using the handle BobDaHacker. Anyone who has created an account on the Lovense app may have been potentially affected due to the two bugs.
“We could have easily harvested emails from any public username list. This was especially bad for cam models who share their usernames publicly but obviously don’t want their personal emails exposed,” BobDaHacker wrote in their blog post. “Cam models use these tools for work, so this was a huge deal. Literally anyone could take over any account just by knowing the email address,” they added.
Read more at The Indian Express.
