Lovense has finally fixed its account takeover problem

Blogs Technology
Posted 2025-08-02 20:00:17
0
32

Lovense has finally fixed its account takeover problem

Lovense is well-known for its selection of remote-controlled vibrators. It’s slightly less known for a massive security issue that exposed user emails and allowed accounts to be wholly taken over by a hacker without even needing a password. Fortunately, both issues have been fixed, but it didn’t happen without some drama. 

As the story goes, security researcher BobDaHacker (with some help) accidentally found out that you could uncover a user’s email address pretty easily by muting someone in the app. From there, they were able to figure out that you could do this with any user account, effectively exposing every Lovense user’s email without much effort. 

With the email in hand, it was then possible to generate a valid gtoken without a password, giving a hacker total access to a person’s Lovense account with no password necessary. The researchers told Lovense of the issue in late March and were told that fixes were incoming. 

Mashable Light Speed

In June 2025, Lovense told the researchers that the fix would take 14 months to implement because it did not want to force legacy users to upgrade the app. Partial fixes were implemented over time, only partially fixing the problems. On July 28, the researchers posted an update showing that Lovense was still leaking emails and had exposed over 11 million user accounts. 

"We could have easily harvested emails from any public username list," BobDaHacker said in a blog post. "This is especially bad for cam models who share their usernames publicly but obviously don't want their personal emails exposed."

It was around then that the news started making its way around the news cycle. Other researchers began reaching out to show that the exploit had actually been known as far back as 2022, and Lovense had closed the issue without issuing a fix. After two more days in the news cycle, the sex toy company finally rolled out fixes for both exploits on July 30. 

It’s not Lovense’s first roll in the mud. In 2017, the company was caught with its proverbial pants down after its app was shown to be recording users while they were using the app and toy. Lovense fixed that issue as well, stating that the audio data was never sent to their servers.

Please log in to like, share and comment!
Zoeken
Categorieën
Read More
Food
CRESCENT CHERRY CHEESECAKE BARS
CRESCENT CHERRY CHEESECAKE BARS This dessert is easy to make and so good! If you are a cherry...
By Test Blogger1 2025-07-09 16:00:10 0 479
Science
Why Are So Many Enormous Roman Shoes Being Discovered At Hadrian's Wall?
Why Are So Many Enormous Roman Shoes Being Discovered At Hadrian's Wall?We often assume our...
By test Blogger3 2025-07-05 13:00:10 0 521
Home & Garden
Is It Safe to Shower in a Storm—or Should You Wait It Out?
Is It Safe to Shower in a Storm—or Should You Wait It Out? When a thunderstorm rolls in, it's...
By Test Blogger9 2025-07-29 21:00:41 0 167
Technology
No more subscriptions with a lifetime of Microsoft Office 2019 for Mac
Get Microsoft Office Home & Business 2019 for Mac for life for just $39.99...
By Test Blogger7 2025-07-21 10:00:16 0 301
Spellen
All Clair Obscur Expedition 33 Mime locations and weakness
All Clair Obscur Expedition 33 Mime locations and weakness As an Amazon Associate, we earn...
By Test Blogger6 2025-06-10 12:00:10 0 1K
© 2025 Sngine-YND Dutch
English Arabic French Spanish Portuguese Deutsch Turkish Dutch Italiano Russian Romaian Portuguese (Brazil) Greek
About Voorwaarden Privacy Contact Us Bedrijvengids