Sex toy maker Ravens threatens legal action after fixing security flaws that published user data
Lovense, the manufacturer of internet-connected adult toys, confirmed it has Fixed security vulnerability pair This allowed the user’s private email address to be published, allowing the attacker to take over the user’s account remotely.
The company said the bug has been “completely resolved,” but its chief executive is now considering taking legal action after disclosure.
in statement In sharing with TechCrunch, Lovense CEO Dan Liu said the sex toy maker is “examining possible legal action” in response to false reports of the bug. When asked by TechCrunch, the company did not clarify whether it was referring to media reports or disclosures by security researchers.
Details of the bug came out this week after security researchers go on a Bobda hacker at the Handle after they revealed Two security bugs have been reported Earlier this year, I went to a manufacturer of adult toys. The researchers released their findings after claiming that it would take 14 months to fully address the vulnerability, rather than applying the “fastest month fixes” that users need to update their apps.
In a statement arising from Liu, Lovense said that users need to update the app before they can resume using all the features of the app.
In a statement, Liu argued that “there is no evidence to suggest that user data, including email addresses and account information, has been breached or misused.” Given TechCrunch, it is not clear that Lovense has reached this conclusion (Other outlets) confirmed the email disclosure bug by setting up a new account and asking the researcher to identify relevant email addresses.
TechCrunch should ask Lovense for technical meanings such as logs and determine whether there is a compromise on the user’s data, but the spokesman did not respond.
It is not unheard of for an organization to resort to legal demands and threats that seek to block disclosure of embarrassing security cases, despite the few rules and restrictions in the United States that prohibit such reports.
Earlier this year, an independent US journalist rejected legal threats From a UK court injunction to accurately report ransomware attacks against UK private healthcare giant HCRG. 2023, county officials in Hillsboro County, Florida; Threatening criminal charges against security researchers Under the state’s computer hacking law, it identifies security flaws in urban court records systems and personally discloses security flaws that exposed access to sensitive filings.