A security researcher found that users of a company's chastity device ran the risk of having their private information exposed. The researcher was able to access over 10,000 users' email addresses, plaintext passwords, home locations, IP addresses, and GPS coordinates thanks to security weaknesses in the company's servers.
After finding the vulnerabilities, the researcher attempted to notify the company and persuade it to make the necessary repairs. The company has not yet responded or fixed the flaws, though.
TechCrunch, a security news portal that initially published the report, has chosen to withhold the company's identity in order to protect its users from the continued risks they face. To notify people of the issue at hand, it contacted the company's web provider and China's Computer Emergency Response Team (CERT). Unfortunately, the company has not made any efforts to fix these issues.
The researcher defaced the company's homepage in an effort to alert the company and its customers. But within a day, the firm fixed the vulnerabilities without restoring the website or removing the researcher's warning.
In addition to the issues that were exposed, the researcher also found that the company's website was leaking records of customers' PayPal payments, including their email addresses and the dates of their payments.
The chastity device that the company sells is designed to be controlled by a partner using an Android app. By sending exact GPS locations, the software enables partners to follow a device user's movements. Unfortunately, hackers have previously exploited vulnerabilities in sex devices like chastity cages, taking control of these gadgets to demand ransom payments from victims.
This incident highlights the necessity of resolving security issues in internet-connected devices, especially those that involve sensitive personal data. It is critical for companies to make the security of their customers' data a first priority and to take immediate action to patch any vulnerabilities identified.