Carding
The lock was clearly supposed to contain user data, but it turned out to be something else…
An American company that makes men's chastity belts, unnamed for security reasons, accidentally revealed a lot of confidential data about the buyers of its sex products. IP addresses, email addresses, and even customer home addresses were made publicly available. In some cases, even accurate real-time GPS coordinates of the "smart locks" themselves were exposed.
The leak was caused by vulnerabilities on the company's servers identified by a cybersecurity researcher, who also wished to remain anonymous. According to him, he gained access to a database containing records of more than 10,000 users, thanks to two vulnerabilities.
The expert found serious flaws in the protection of customers' personal data and notified the company on June 17 in the hope that it would quickly fix the vulnerabilities. However, even at the time of publication of this news, after more than two months, the company has not patched the security holes found.
"Exploiting vulnerabilities is very easy. This is irresponsible," the researcher said, expressing concern about the manufacturer's negligent attitude to the security of personal data of its customers.
In addition to the database access, PayPal payment logs containing email addresses and payment dates were also found on the company's website. According to the expert, the company ignored the basic rules of information security, leaving confidential customer information open to intruders.
As noted earlier, smart chastity belts are capable of transmitting GPS coordinates of their owner in real time, and with an accuracy of several meters. The feature allows a trusted person to track their partner's movements from anywhere in the world via a mobile app.
However, free access to this feature by third parties opens up ample opportunities for attackers to spy and invade the privacy of unsuspecting users.
It is noteworthy that this is not the first case of hacking intimate gadgets for men, and not the most dangerous. A few years ago, a vulnerability was discovered in a similar product from Qiui that allowed a remote attacker to completely lock such "smart locks", leaving no physical way to open and remove them. Hackers demanded a cash ransom from their victims for unlocking.
Despite numerous hacking incidents and data leaks, manufacturers of intimate toys still don't seem to take the cybersecurity of their systems and devices seriously enough. They regularly ignore warnings about vulnerabilities from researchers and continue to release insecure products for sale.
Consumers should clearly understand the risks of using such "accessories", especially if the latter have smart functions such as remote control or tracking the owner's location.
