Sex toy company Lovense is leaking the email addresses of its app users and allowing account takeovers without asking for a password, according to a security researcher. As reported by TechCrunch, BobDaHacker, who describes themself as an ethical hacker committed to exposing and reporting security vulnerabilities, published an extensive report in which they accuse Lovense of failing to fix a serious bug it was first made aware of in 2023.
According to the hacker (and later verified by TechCrunch), Lovense allows any username to be turned into their email address with the right
→ Continue reading at Engadget
