A ‘Smart’ Chastity Cage Maker Leaves Users’ Data At Risk
A chastity cage manufacturer has exposed its 10,000 users' sensitive data, including emails, plaintext passwords, IP addresses, and home addresses, due to system flaws. These flaws were discovered by an anonymous researcher who exploited two vulnerabilities in the said system.
The researcher reached out to the company involved on June 17 to warn them of the vulnerability. However, as of this publication, the company has not taken any corrective measures.
Everything's just too easy to exploit. And that's irresponsible.ResearcherThe company manufactures chastity cages for men - a device that is worn on the penis and can be controlled by their partners.
Turn Of EventsAfter receiving no response from the company, the researcher defaced the company's homepage in a bid to draw attention and get the vulnerabilities removed.
The researcher left a warning for users on the company's website informing them that the site was disabled by a friendly third party because the company had left the site vulnerabilities open, putting all the customer information at risk. This includes plaintext passwords and shipping addresses.
The researcher also expressed his motive behind this, stating that he didn't want to leave everything for grabs when thousands of people have their accounts on the platform.Although the company removed the warning from its homepage and restored the site, it still did nothing to solve the underlying issue.
However, the company's web host has assured that it'll alert the manufacturer and CERT (China's Computer Emergency Response Team) in an effort to find a speedy solution.
Apart from the data mentioned above, the company was also found to expose users' PayPal payment logs, including their email addresses used on the platform and date of payment.
However, this isn't the first time vulnerabilities have been found in sex toy manufacturer systems. In 2021, hackers gained access to an internet-controlled chastity cage system and asked people for ransom. Similarly, in 2016, a Bluetooth-powered panty buster" was hacked using bugs.
In 2017, two women alleged that a smart sex toy manufacturer harnessed intimate and sensitive user data. The company had to settle the lawsuit to control further damage.
Cyberattacks in an industry where anonymity is paramount are a concerning issue for users. These security concerns increase the taboo around using sex products.
This could ultimately lead to people avoiding these products altogether in an effort to save their reputation. Thus, manufacturers need to be extra careful of how they handle user data in a sensitive environment.
The post A Smart' Chastity Cage Maker Leaves Users' Data At Risk appeared first on The Tech Report.