- Researchers found a way to extract email addresses from Lovense user accounts
- A mitigation was released, but allegedly does not work as intended
- The company claims that it needs months to plug the leak
Lovense, a sex-tech company specializing in smart, remotely controlled adult toys, had a vulnerability in its systems that could allow threat actors to see people’s private email addresses.
All they needed was the person’s username, and apparently these are relatively easy to come by.
Recently, security researchers using the aliases BobDaHacker, Eva, and Rebane discovered that if they knew someone’s username (they may have seen it on a forum or during a cam show), they could log in to their own Lovense account (no special account is needed; a regular user account will do) and use it to run a script.
A fake email is then added to the chat system as a “friend”, but when the system updates the contact list, it mistakenly reveals the real email address behind the username in the background code.
Automated exfiltration
The whole process can be automated and takes less than a second, which means a threat actor could abuse it to grab thousands, if not hundreds of thousands, of email addresses quickly and efficiently.
The company has about 20 million users worldwide, so the attack surface is rather large.
The bug was discovered together with another, even more dangerous flaw, which allowed account takeover. Although the takeover flaw was quickly remedied by the company, the email leak has not yet been fixed. Apparently, the company still needs “months” to plug the leak:
“We have begun a long-term remediation project, which will take about ten months, which will require at least four months to completely implement the full solution,” Lovense told the researcher.
“We have also reviewed a faster, one-month fix. However, it will need to force all users to immediately upgrade, which will disrupt the support of the legacy version. We have decided against this approach in favor of a more stable and user-friendly solution.”
Lovense also said that it had deployed a proxy feature as a mitigation, but apparently it was not working as intended.
How to stay safe
This attack is especially concerning because such records can contain more than enough sensitive information for hackers to launch highly personalized, successful phishing campaigns, leading to identity theft, wire fraud, and even ransomware attacks.
If you are concerned that you may have been caught up in the incident, don’t worry – there are many ways to find out. HaveIBeenPwned? is probably the best resource to check whether your details have been affected, offering a rundown of every major cyber incident of the past few years.
And if you save passwords to a Google account, you can use Google’s Password Checkup tool to see if any have been compromised, or sign up for one of the best password manager options to keep your logins protected.
Via BleepingComputer


