Lovense’s Privacy Fiasco: Email Exposure Exploits Your Pleasure with a Side of Doxxing Drama

Lovense’s sex toy platform has a zero-day flaw allowing attackers to uncover users’ email addresses just with a username. It’s like turning a harmless game of tag into a phishing expedition. Lovense claims a fix is underway, but users might want to keep their usernames under wraps for now.

3P
Published: July 29, 2025 2:46 amAdded: July 28, 2025 at 7:51 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

In a world where your connected sex toy can spill your secrets faster than you can say “safe word,” Lovense manages to turn “private” into a public affair. Who knew your intimate gadgets could be so chatty? If their toys vibrate as much as their security alarms should, then it’s no wonder they’re causing a buzz. Maybe they should consider a new product: the “Privacy Plug.” After all, everyone needs some alone time!

Key Points:

  • Lovense’s zero-day flaw exposes users’ email addresses, risking doxxing.
  • Security researcher BobDaHacker discovered the flaw via Lovense’s XMPP chat system.
  • Flaw exploitation involves API requests and encryption to extract emails.
  • Critical account hijacking flaw was fixed; email exposure remains unresolved.
  • Lovense’s long-term fix may take up to 14 months to fully implement.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?