Lovense CEO Considers Legal ​Action Amid Sex Toy Bug Disclosure Controversy

Lovense, the popular sex toy⁢ manufacturer, is reportedly exploring legal action following the public disclosure of two security ⁣vulnerabilities in its​ app. The company ‍claims the bugs are resolved, but the CEO’s threat of legal recourse has raised concerns about transparency and user data security.

security Researcher’s Disclosure Sparks Controversy

the controversy began when a security researcher, known online as BobDaHacker, revealed that ⁢they had reported two significant security ​bugs to Lovense earlier this year. The researcher stated that Lovense initially indicated​ a 14-month timeline ⁤for a full fix, opting against a quicker, one-month solution⁢ that would ‌have necessitated informing users about app updates. This decision led ‍the researcher to publish their findings after⁢ the​ extended resolution period.

Lovense’s Response‌ and User ⁢Data Claims

In a statement shared with TechCrunch, Lovense⁢ CEO Dan Liu addressed the disclosure, stating the company was “investigating the possibility of ⁣legal action” in response to what he termed‍ “erroneous reports about the bug.” When pressed by TechCrunch for clarification on whether the‍ legal threat⁣ was aimed at media reports or the security researcher’s disclosure, Lovense did not provide a specific answer.

Liu further asserted in the statement that there is “no evidence suggesting that any user data, including email addresses ⁢or account details, has been compromised or misused.” Though, TechCrunch, along with othre outlets, claims to have verified the email disclosure bug by creating a new account and having the​ researcher identify the associated email address.This verification process ‍casts doubt on Lovense’s assertion of no data compromise.When TechCrunch inquired about the technical means, such as logs, ⁣Lovense possesses to determine if user data was compromised, ⁤a company spokesperson declined to comment.

The Broader Context of Security⁣ Disclosure Threats

The situation with Lovense is not an isolated incident. It is indeed not uncommon for organizations to resort to legal demands and threats in an ‌attempt to suppress the disclosure of security vulnerabilities or embarrassing security incidents. Despite the prevalence of such tactics, there are few regulations in the United States that prohibit such reporting.

This trend was highlighted earlier ​this year when an self-reliant U.S. ⁢journalist successfully resisted a legal threat originating from a U.K. court injunction.The injunction was sought after the journalist accurately reported on a ransomware attack targeting the U.K. ‌private ​healthcare giant HCRG. In another instance in 2023, a county official in Hillsborough County, Florida, threatened criminal charges against a security researcher. The researcher was‍ targeted under the state’s computer ⁤hacking laws for identifying and privately disclosing a security flaw in the county’s court records system, which had exposed access to sensitive ⁢filings.

Implications for Lovense Users

lovense has stated ​that the implemented fixes​ will require users to update their applications to regain full functionality. The​ company’s stance on the alleged ⁣data compromise and ⁣its willingness to consider legal ​action against those who report vulnerabilities raise ‌significant questions for its user⁢ base regarding the company’s commitment to data privacy and transparent communication. Users are advised to ensure their Lovense ​applications are updated to​ the latest version to benefit from the claimed security patches.