San Francisco: A security researcher has discovered a flaw in the maker of an Internet-control chastity device for men that exposed users’ email addresses, plaintext passwords, home addresses and IP addresses, and in some cases GPS coordinates. TechCrunch’s According to the researchers, by testing two flaws, they gained access to the database containing more than 10,000 records. The researchers used the bug to see what data they could access.
Additionally, the researcher notified the company about the flaws on June 17, and urged them to fix them and protect their users. At the moment, the company has not resolved its flaws, the report states. The researcher was quoted as saying, ‘It is very easy to exploit everything. This is irresponsible. So I hope they will fix everything.
‘If you paid for a physical unit and can no longer use it, I’m sorry. But there are thousands of accounts here and I can’t leave everything with confidence.’ The company removed the researcher’s warning and restored the website in less than 24 hours. However, the company did not pay attention to the loopholes, which still exist.
In addition to the flaw allowing researchers access to users’ databases, it was discovered that the company’s website exposed logs of users’ PayPal payments. According to the report, the logs contained users’ PayPal email addresses as well as their payment details. The date is also shown. The company’s chastity device is intended to be controlled by a partner via an Android app.