A recent security bug in the Lovense platform has exposed users’ email addresses, allowing anyone to obtain them using their public username. The vulnerability affects both regular users and models who use Lovense for streaming and shows, putting them at risk of doxxing and stalking. Researchers discovered the bug by accident while trying to block another user’s notifications, and it can be easily automated using a POST request to the /api/wear/genGtoken endpoint. Despite initial claims of full resolution, experts say the email disclosure bug remains, and Lovense is working to fix the issue, which will take approximately 14 months to resolve.
Source: https://www.redhotcyber.com/en/post/your-email-is-vibrating-a-hot-flaw-in-lovense-exposes-users-emails