- The researchers found a way to extract e-mail addresses from LOVENSE user accounts
- An attenuation has been published, but it does not work as planned
- The company says it still needs months before connecting the leak
Lovense, a sexual technology company specializing in intelligent and remote adult toys, had a vulnerability in its systems that could allow threat actors to see people’s private e-mail addresses.
Everything they needed was the username of this person and apparently – these things are relatively easy to find.
Recently, safety researchers under alias Bobdahacker, Eva, Rebane, discovered that if they knew someone’s username (maybe they saw it on a forum or a cam show), they could connect to their own Lovense account (which does not need to be special, a regular user account suffice) and use a script to transform the username into internal use).
This false email is added as a “friend” in the cat system, but when the system updates the contact list, it accidentally reveals the real email address behind the username in the background code.
Exfiltration automation
The entire process can be automated and carried out in less than a second, which means that threat actors could have mistreated it to grasp thousands, even hundreds of thousands of email addresses, quickly and effectively.
The company has around 20 million customers worldwide, so the attack surface is quite large.
The bug was discovered with another, even more dangerous flaw, which made it possible to take control of the account. Although it was quickly corrected by the company, it has not yet been set. Apparently, the company still needs “months” of work to connect the leak:
“We have launched a long -term sanitation plan which will take about ten months, with at least four months more necessary to fully implement a complete solution,” Lovense to the researcher told.
“We have also evaluated faster and one month’s correction. However, this would require all users to upgrade immediately, which would disrupt the management of inherited versions. We decided to against this approach in favor of a more stable and friendly solution.”
Lovense also said that he had deployed proxy functionality as attenuation, but apparently it does not work as expected.
How to stay safe
The attack is particularly worrying, as these recordings could contain more than enough sensitive information for hackers to launch highly personalized and successful phishing campaigns, leading to identity theft, wire fraud and even ransomware attacks.
If you worry, you may have been taken in the incident, don’t worry – there are a number of methods to discover. Haribeenpwned? is probably the best resource only to verify whether your contact details have been assigned, offering a dilapidated each large cyber-incident of recent years.
And if you save passwords on a Google account, you can use Google’s password verification tool to see if it has been compromised or register for one of the best password management options that we have gathered to make sure that your connections are protected.
Via Bleeping Compompute
