Far be it from us to kink-shame people who like sex toys, but we’re definitely shaming sex toy companies that don’t protect users’ data.
Case in point: A security researcher told TechCrunch he exploited two vulnerabilities in an app-controlled chastity device, accessing a database of 10k+ users, in June — but the device’s maker still hasn’t done anything about it.
Yikes, but…
… this isn’t the first time such a company has been caught with its security pants down.
- Standard Innovation Corp. settled for $3.75m in 2017 after two women claimed its We-Vibe toy and app collected intimate data including usage, settings, and email addresses.
- In 2017, a security researcher demonstrated how a toy with a camera could be hacked, allowing others to see the feed.
And there are far more Internet of Things (IoT) sex toys than you might think, per the Internet of Dongs, a website that tracks and tests them.
Okay, but would someone actually hack a sex toy?
In 2020, connected chastity device CellMate was hacked via an exposed API. One user told Vice that hackers demanded $750 in bitcoin to unlock it. Fortunately, he hadn’t been wearing it.
But this showcases a larger problem. There are ~17B connected devices worldwide, per CNBC, including fridges, watches, toilets, lights, and, for some reason, this smart egg crate.
And Microsoft’s Digital Defense Report 2022 found that “the security of Internet of Things (IoT)… has not kept pace” with software and hardware, making them an entry point for bad actors.
As this tech creeps further into everyday life, companies owe it to their users to test for and fix vulnerabilities, and to be transparent about what data they collect and why — no matter the device.
Fun fact: Hackers once used smart sensors in a casino fish tank to access its network and steal customer data.