- Lovense patched two severe security flaws exposing user emails and accounts.
- Researcher disclosed the issues after the company projected a 14-month fix.
- CEO Dan Liu maintains there’s no evidence of data being stolen or misused.
- Legal threats raise concerns about discouraging responsible security research.
Lovense, a leading manufacturer of internet-connected sex toys, has resolved two critical security flaws that could have put sensitive user data at risk. The bugs, if exploited, would have allowed attackers to access private email addresses and remotely take control of user accounts.
The company says the issues are now “fully resolved,” but the controversy deepened when CEO Dan Liu revealed that Lovense is considering legal action following the public disclosure of the flaws.
Researcher Discloses Bugs After Long Patch Timeline
The vulnerabilities were initially reported earlier this year by a security researcher using the alias BobDaHacker. According to the researcher, Lovense estimated that addressing the bugs would take around 14 months. A faster one-month fix was proposed, but it would have required informing users to update their apps immediately.
Concerned about user safety and frustrated with the lengthy timeline, the researcher eventually went public with their findings, releasing technical details of the flaws after repeated attempts to expedite the patch reportedly failed.
Company Claims No Signs of Data Misuse
Following the disclosure, Dan Liu stated that there is “no evidence suggesting that any user data, including email addresses or account information, has been compromised or misused.” The company also said that the fixes now require all users to update their apps before accessing every feature.
However, the vulnerabilities were proven to be real when independent tests successfully demonstrated the email exposure flaw. When asked what methods, such as access logs or forensic analysis, were used to determine whether data had been accessed, the company did not share specifics.
Legal Action Sparks Security Community Debate
Lovense’s announcement that it is “investigating the possibility of legal action” has triggered discussion within the cybersecurity community. The company did not clarify whether any potential lawsuit would target the researcher who discovered the flaws or other parties who reported on them.
This situation mirrors previous incidents where organizations attempted to use legal threats to suppress security disclosures. In recent years, similar tactics have drawn criticism for potentially discouraging ethical researchers from reporting critical vulnerabilities, even though such reports help protect consumers.
Users Urged to Update Immediately
Despite the company’s claims that no data was misused, cybersecurity experts are urging Lovense customers to update their apps as soon as possible.
Connected devices that handle intimate and highly sensitive information are considered high-value targets for attackers, making timely patches essential.
Lovense has not confirmed whether it will move forward with legal action, but the debate surrounding responsible disclosure and company responses continues to grow.