Overview
- Lovense applied a July update that rejects unauthorized authentication tokens, closing the vulnerability that allowed account takeover without a password.
- A proxy mitigation for the zero-day email-exposure flaw has been deployed, yet researchers confirm the underlying vulnerability persists.
- The company outlined a 14-month remediation plan for the email-leak bug, a timeline it attributes to preserving compatibility with legacy app versions.
- The email-exposure flaw allows attackers to derive private addresses from any public username in under a second, heightening doxxing risks.
- Security experts criticize Lovense’s slow, partial fixes as insufficient and warn that high-visibility users such as cam performers remain particularly vulnerable.