Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposedReading Time: 2 minutes
A company that makes a chastity device for people with a penis that can be controlled by a partner over the internet exposed users’ email addresses, plaintext passwords, home addresses and IP addresses, and — in some cases — GPS coordinates, due to several flaws in its servers, according to a security researcher.
Given that he wasn’t getting any answers, on August 23 the researcher defaced the company’s homepage in an attempt to warn the company again, as well as its users.
‘The site was disabled by a benevolent third party. [REDACTED] has left the site wide open, allowing any script kiddie to grab any and all customer information. This includes plaintext passwords and contrary to what [REDACTED] has claimed, also shipping addresses. You’re welcome!’ the researcher wrote. ‘If you have paid for a physical unit and now cannot use it, I’m sorry. But there are thousands of people with accounts on here and I could not in good faith leave everything up for grabs.’
Less than 24 hours later, the company removed the researcher’s warning and restored the website. But the company did not fix the flaws, which remain present and exploitable.
In addition to the flaws that allowed him to gain access to the users’ database, the researcher found that the company’s website is also exposing logs of users’ PayPal payments. The logs show the users’ email addresses that they use on PayPal, and the day they made the payment.
The company sells a chastity cage for people with a penis that can be linked to an Android app (there is no iPhone app). Using the app, a partner — who could be anywhere in the world — can follow their partners’ movements, given that the device transmits precise GPS coordinates down to a few meters.
This is not the first time hackers exploit vulnerabilities in sex toys for men, in particular chastity cages. In 2021, a hacker took control of people’s devices and demanded a ransom.
‘Your cock is mine now,’ the hacker told one of the victims, according to a researcher who discovered the hacking campaign at the time.
The year before, security researchers had warned the company of serious flaws in its product that could be exploited by malicious hackers.
Over the years, other than actual data breaches, security researchers have found several security issues in internet-connected sex toys. In 2016, researchers found a bug in a Bluetooth-powered ‘panty buster,’ which allowed anyone to control the sex toy remotely over the internet. In 2017, a smart sex toy maker agreed to settle a lawsuit filed by two women who alleged the company spied on them by collecting and recording ‘highly intimate and sensitive data’ of its users.
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG