This post has been updated with new information showing the account takeover vulnerability was previously reported and allegedly fixed in 2023. See the update at the bottom. Lovense couldn't get any scummier. What Happened So it all started when I was using the Lovense app and muted someone. That's it. Just muted them. But then I saw the API response and was like... wait, is that an email address? Why is that there? Just muting someone exposed their email - wtf After digging deeper, I figured ou...