Canadian sex toy manufacturer We-Vibe has agreed to pay $5 million CAD (roughly £3 million) after being accused of serious failures to protect customer data. A class action lawsuit was initiated by two anonymous individuals, known as “NP” and “PS”, who represented all customers affected by We-Vibe’s surveillance.
Sex toys produced by We-Vibe - which appeared in WIRED's April sex toy review - include the We-Vibe Sync and We-Vibe Classic. Users can pair the devices to their smartphones via the accompanying mobile app We-Connect. The vibrators' features can then be remotely controlled.
However, customers weren’t aware that the app had been specifically designed to "collect and record highly intimate and sensitive data" regarding the usage of We-Vibe products. This data included the date and time of each use, details of vibration settings, temperature and battery life - all of which was linked to users’ personal email addresses on the company's servers in Canada. This was despite the company promising a “secure connection between... smartphones” while the ‘connect lover’ feature operated.
This was done without the consent of customers. The company went so far as to actively conceal its data collection policies from customers – knowing that "a personal vibrator that monitors... highly sensitive and intimate usage data" is worth "significantly less than a personal vibrator that does not" and that customers would not have purchased it had they been aware of these functions.
Despite assuring customers that none of the data was transmitted to third parties, We-Vibe's behaviour has sparked further questions about the ethics of data collection. If the company were to be hacked, customer data could be released, and even if it remained secure on the servers, We-Vibe users expressed discomfort at the fact such personal details are readily accessible to those within the company.
The class action suit found that the conduct of We-Vibe demonstrated a "wholesale disregard for consumer privacy rights and violated numerous state and federal laws".
We-Vibe's parent company, Standard Innovation, told Motherboard in a statement: "As a matter of practice, we use certain limited data in an aggregate, non-identifiable form to help us improve our products."
Customers who claim to have used the app to control the vibrator and provided their name and phone number to the company are set to get up to $10,000. Those who purchased a We-Vibe connected device will receive up to $199.
More recently, another sex-toy scandal broke around the Svakom Siime Eye - a Wi-Fi-enabled vibrator with a built-in camera. While designed for private live-streaming, security researchers at Pen Test Partners found that the device could be easily hacked by anyone within Wi-Fi range. The company states that the product is a way to "record and share the wonderful sex adventure to your partner via pictures or videos", but the camera has made the device a vastly more dangerous target for hackers.
The flaw in the connected product revolves around the device's default password – eight 8s. If this is not reset by the user, the device can easily be targeted by any attacker in range. Once this password is entered, the video feed can be hijacked. Not only that, but the researchers found that a static wireless access point name, “Siime Eye”, means the vibrators can be easily geo-located wherever they are in use. Furthermore, not only can the video feed be exploited, but so can the function of the vibrator. The user would have no way of knowing about the hack - leaving them vulnerable to a horrific breach of privacy on all counts.
In a blog about the vibrator-endoscope, Pen Test founder Ken Munro revealed his shock at the Siime Eye's vulnerabilities: "Sometimes, our jaws hit the floor. We see some pretty bad things in [internet of things] security, but this has to take the biscuit."
Munro is now urging customers to "change the Wi-Fi password to something complex and long" so as to reduce the possibility of hacking.
Svakom has since said it has addressed the issues and that updated versions of its software were "completely secure".
This article was originally published by WIRED UK