Lovense was told its sex toy app leaked users’ emails and didn’t fix it

I left the internet sexual playmaker, the internet emails for the user for several months-even after being familiar with weakness. In a blog post monitored by Techcrunch and Bleeping computerBobdahacker security researcher found that they can “convert any user name into their email address”, which they can then use to take over a person’s account.

Although Bobdahacker initially revealed this security vulnerability in March, the researcher claims that Lovenese waited months before his repair, and he did not completely address the problem. Loverse is behind a group of sexual games that users can communicate and control the Internet through their application, which was fire for a “simple mistake” in 2017, he recorded sex sessions for users.

As shown in the Bobdahacker post, the security researcher noticed something strange in API’s response to the application when a person’s mute: I presented his email address. After that, Bobdahacker discovered that they can take advantage of this weakness by sending a modified request to Lovenese servers, and deceiving it to re -email the target user’s email.

Bobdahacker has even developed a text saying that a person’s user name can be converted into an email address in less than a second. “This is particularly bad for CAM models that share the names of users publicly, but it is clear that it does not want to display their personal emails,” Bobdhaccer writes. Mattering is more than that, Bobdahacker later discovered that they can take over the user account with his email address and a certification symbol created by lovenese.

Bobdahacker initially informed these weaknesses in partnership with the Dong Internet, a group that aims to make sex games connected to the Internet safer. However, the security researcher says that Lovenese was not immediately fixed. Instead, lovenese claimed that the calculation error was repaired in April, although Bobdahacker said that, and that the repair of the email leakage case would take 14 months.

“We have also evaluated a one -month faster repair. However, it requires forcing all users to upgrade immediately, which will disrupt support for old versions,” said Lovenese, according to Bobaacher. Bobdahacker also noted, the security researchers reported the same error in obtaining the account to Lovenese in 2023, but the company seems to have already closed the error without repairing it.

In a statement to Bleeping computerLovenese says it has made an update to the application “processing the latest weaknesses” to the application stores. “The full update is expected to be paid to all users during the next week,” says Louvns. “Once all users are updated to the new version and disable the old versions, this problem will be solved completely.” Loverse did not respond immediately freedomRequest to comment.