Sex toy company Lovense “secretly recorded intimate sessions” through its vibrators

Our Data Leak Team are already representing a large group of victims of the We-Vibe data breach scandal. The trend of sex toy data breaches is alarming.

Lovense has admitted that its mobile phone app has been secretly recording audio files while its vibrators were in use.

The company has blamed a “minor software bug” for the apparently unintentional recordings.

Several users reportedly made the horrifying discovery when they spotted unusual sound files stored on their phones. As you can imagine, this is a huge cause for concern and can amount to a misuse of private information.

Mobile app secretly recording audio during use of remote-controlled vibrator

One user posted his discovery on a forum, saying: “The Lovense remote control vibrator app…seems to be recording while the vibrator is on. I was going through my phone media to prepare it for a factory reset and came across a 3gp file named ‘tempSoundPlay.3gp’ in the folder for the app. The file was a full audio recording 6 minutes long of the last time I had used the app to control my [partner’s] remote control vibrator.”

The user indicated that they had no idea the vibrator recorded audio files, nor did they want it to.

Users are concerned that the audio files have been sent through the app back to the company or another firm for marketing or other purposes.

A ‘minor bug’ blamed

Lovense has responded to the scandal and dismissed concerns over privacy and noting that the recordings were allegedly due to a ‘minor bug’. According to a statement, a ‘temporary file’ is created but “no information or data is sent to our servers,” which appears to separate this from the severity of the We-Vibe scandal where data was being sent back to the company.

The vibrators can be controlled remotely through short range Bluetooth connection as well as long distance via Wi-Fi. What has alarmed some is that the vibrators can apparently be synced to music files or activated by sound or voice…

Apparently, the bug only affects some android devices.

A ‘fix’ has been issued

The company is said to be issuing a fix to delete the files once the user exits the Sound Control feature and the mobile app. It explained that the fix will also “do an additional check and delete each time the app is started.”

Standard Innovation, the company behind the remote-controlled “We-Vibe” sex toy, recently admitted to collecting personal information gleaned from use of their toys and sending it back to the company. A number of affected users have already instructed us to help them bring a claim for data protection compensation.

In comparison, Lovense’s ‘bug’ appears to be much less serious, but could still cause problems if a phone was stolen or someone else using the phone came across the file, or if the phone’s security is hacked. Some people have their phone data linked to cloud storage, so audio files may also be in other areas of the internet which could pose additional risks.

Someone could accidentally do something horrifying. Imagine sending an intimate audio file to a friend or work colleague by mistake! The key element here is that the user did not know nor expect their intimate sessions would be recorded on their phones.

Not the first data protection problem for Lovense

This isn’t the first time Lovense has come under scrutiny over its software security. Last year, a number of flaws apparently made it possible to find user’s email addresses.

Ken Munro from cybersecurity penetration company, Pen Test Partners, said:

“…anything that uses a camera and a microphone potentially has the opportunity to cause a privacy invasion…at present, there’s a complete lack of standards, so it’s a Wild West right now.”

Companies who manufacturer and produce products like these need to recognise the risks to their consumers and figure out how best to protect them.

A simple guide to data breach terms

Debt collection agency data breaches