Lovense Zero‑Day Flaw Exposes User Emails, Raising Risks of Doxxing and Harassment
Security researchers have discovered a zero‑day flaw in the Lovense connected sex toy platform that allows attackers to obtain a user’s email address by knowing only their username. The vulnerability, linked to interactions between Lovense’s XMPP chat system and backend, enables attackers to script requests that reveal private email data in less than a second per target. Since Lovense usernames are often shared publicly on forums and cam platforms, this flaw poses a serious risk of doxxing and harassment. Although Lovense claims it has fixed the issue, researchers have repeatedly demonstrated that the flaw still works, raising concerns about the company’s transparency and prioritization of legacy app compatibility over user safety.
In addition to the email exposure, the researchers found a critical account hijacking vulnerability allowing attackers to impersonate users, including administrators, across Lovense services. While this flaw was eventually patched, the email issue remains unresolved, with Lovense estimating a 14‑month remediation timeline. Critics argue that delaying the fix leaves millions of users at risk, particularly cam performers and individuals whose privacy is paramount. Lovense maintains a fix is rolling out, but security experts continue to urge caution.
