Lovense, the manufacturer of internet-connected sex toys, has confirmed it patched two security vulnerabilities that could have exposed users’ email addresses and allowed remote account takeovers.
Although the company claims the issues are now fully resolved, CEO Dan Liu says Lovense is “investigating the possibility of legal action” following public disclosure of the flaws. It’s unclear whether the legal threat is aimed at media outlets or the security researcher who reported the bugs.
Security researcher BobDaHacker reported the flaws earlier this year and recently went public, stating that Lovense initially planned a 14-month fix timeline instead of a faster, one-month solution that would’ve required notifying users.
Lovense now requires users to update the app to access full functionality. Despite public proof of concept and verification by journalists, Liu asserts there’s “no evidence” that user data has been misused, though the company hasn’t provided logs or technical proof to support that claim.
The situation adds to a growing trend of companies threatening legal retaliation following the exposure of security lapses.
