Singapore, August 3: Lovense, a Singapore-based sex toy maker company, announced that it fixed the security flaw that leaked the private email addresses of its customers related to its app. This Lovense sex toy app's security vulnerability allegedly allowed hackers to target individuals and remotely access their accounts. After solving this problem, Lovense CEO is reportedly considering legal action against allegedly "erroneous"  reports about the bugs.

According to the latest official statement by Lovense CEO Dan Liu, the internet-connected toys company would be considering legal action against the online erroneous reports. Lovense CEO, who did not mention if the company was going to take action against the media reports published by media houses or the blog published by researcher "BobDaHacker". PM Narendra Modi Says India Reshaping Its Industrial Landscape With Focus on Electric Mobility, Green Technology and Self-Reliant Manufacturing.

Lovense App Data Leaks Claims by Researcher "BobDaHacker"

On Monday, a researcher named "BobDaHacker" published a blog that targeted one of the largest internet-connected sex toy makers. The researcher said that he was using the Lovense app, and the company started muting everyone. Upon checking the API, BobDaHacker said he had found his email address and figured out that Lovense had turned his username into an email address.

The researcher claimed Lovense had leaked his data and highlighted how easy it was to hack someone's account using the data available in the API. He listed steps that could let cybercriminals easily hack into customers' accounts. First, the attackers could get a GToken (Auth Tokens) with encryption parameters, then look up the usernames and get encrypted user data. What Is ISRO’s HOPE Analogue Mission in Ladakh? Know How It Will Help India To Prepare for Future Human Spaceflight to Low Earth Orbit, Moon and Mars Class Exploration.

Lovense App Data Leaks Facilitated Taking Over Accounts: BobDaHacker

BobDaHacker credited another researcher, Eva, who highlighted how, using this security vulnerability of the Lovense Connect app, the cyber-attackers could easily take over the accounts. Eva pointed out that the hackers could first get the email of the target, set up request parameters, generate a signature, encrypt the signature, send a POST request to this link - https://apps.lovense-api.com/api/connect/genGtoken and finally, get back a valid token without requiring a password. These tokens worked on Lovense Extension, Lovense Connect, StreamMaster, Cam101 via login link and on admin accounts.

(The above story first appeared on LatestLY on Aug 03, 2025 10:38 AM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).