Sex toy maker Lovense threatens legal action after fixing security flaws that exposed users’ data

Lovense, the company behind internet-enabled sex toys, has announced that it has successfully addressed two significant security vulnerabilities that put users' personal email addresses at risk and allowed unauthorized access to their accounts. Despite claiming that these issues have been completely resolved, CEO Dan Liu is contemplating legal action due to what he describes as misleading reports about the security flaws. In a statement to TechCrunch, Liu indicated that the company is evaluating its options regarding potential legal recourse following a disclosure made by a security researcher known as BobDaHacker. The researcher had previously reported the vulnerabilities to Lovense and subsequently published the findings after the company suggested it would take an extended period—14 months—to fully rectify the issues instead of implementing a quicker fix that would have prompted users to update their applications sooner. Lovense has emphasized that users will need to update their apps to regain full functionality, and Liu asserted that they have found no evidence that any user data, including email addresses or account details, has been compromised or misused. However, this claim has been met with skepticism. TechCrunch, along with other media outlets, verified the email exposure issue by creating a new account and having the researcher confirm the associated email. When questioned about the methods used to assess whether user data had been compromised, Lovense did not provide a clear response. This situation highlights a broader trend where organizations sometimes resort to legal threats in an attempt to suppress disclosures related to security incidents, despite the lack of stringent regulations in the U.S. governing such actions. Earlier this year, for instance, a journalist faced legal threats from a UK court when reporting on a ransomware incident affecting a private healthcare company, showcasing the contentious landscape surrounding security disclosures.