India, July 31 -- A security researcher has claimed that serious flaws in the Lovense app exposed users' email addresses and allowed full account takeovers for months, potentially exposing their purchase history.

Lovense, a popular maker of internet-connected sex toys with over 20 million users, was first alerted to the vulnerabilities in March. But according to the researcher, who goes by the handle BobDaHacker, the company delayed addressing the issues. One of them has still not been fully fixed.

The researcher discovered that while using the Lovense app, it was possible to see other users' email addresses through a network analysis tool. He discovered this vulnerability when he muted his ex-partner's account and it exposed their emai...