Particle.news

Lovense Deploys Patch for Account Takeover While Email Leak Fix Faces 14-Month Rollout

Researchers warn millions of users face ongoing exposure following Lovense’s decision to postpone a full email-leak resolution

Overview

  • Lovense applied a July update that rejects unauthorized authentication tokens, closing the vulnerability that allowed account takeover without requiring a password.
  • A proxy mitigation for the zero-day email-exposure flaw has been deployed, yet researchers confirm the underlying vulnerability persists.
  • The company outlined a 14-month remediation plan for the email-leak bug, a timeline intended to preserve compatibility with legacy app versions.
  • The email-exposure flaw allows attackers to derive private addresses from any public username in under a second, heightening doxxing risks.
  • Security experts criticize Lovense’s slow, partial fixes as insufficient and warn that high-visibility users such as cam performers remain particularly vulnerable.