Lovense, the company behind internet-connected sex toys, found itself in the spotlight for all the wrong reasons. Earlier this year, a security researcher known online as BobDaHacker disclosed two major security flaws. One exposed users’ private email addresses, the other allowed attackers to remotely hijack accounts.
Lovense initially claimed those fixes would take 14 months. Once the disclosure went public, though, the company patched the bugs quickly. Though users had to update their apps for the repairs to take effect.
Instead of simply thanking the researcher or clarifying its response, Lovense’s leadership floated the idea of taking legal action. No one knows for sure if this threat is aimed at the researcher or against media outlets covering the breach.
The Company’s Defense
CEO Dan Liu insists that no user data was ever misused, despite independent verification that email addresses had been exposed. How Lovense reached that conclusion remains unclear.
In a statement, Liu went further, claiming some reports about the breach were “erroneous” and suggesting the company had been unfairly maligned. That’s when the legal threats surfaced.
This wasn’t just a fight about vulnerabilities anymore. It became a fight about narrative control.
Why Legal Threats?
Companies under pressure often reach for the legal playbook. Threatening lawsuits can chill further reporting, intimidate researchers, or at least reframe the story as one of “false accusations” instead of security negligence.
While lawsuits after a breach are common, they usually come from users or regulators. Not from the company itself going after the people who brought problems to light.
When firms lash out at researchers or journalists, it signals something deeper: fear of losing control over their reputation. In Lovense’s case, instead of focusing on transparency, the company doubled down on defending its image.
A Pattern Bigger Than Lovense
Lovense’s reaction isn’t unique. Tech history is littered with examples of companies responding to embarrassing disclosures not with transparency but with hostility. The short-term logic makes sense: fight back, silence critics, protect the brand.
The long-term risks are greater. Legal threats can discourage responsible disclosure, drive vulnerabilities underground, and create a culture of secrecy rather than safety. Users are left in the dark, wondering whether their privacy really is protected or whether it’s just being lawyered into silence.
What’s the bigger question here? It’s not whether Lovense fixed the flaws, it did. It’s whether companies should be able to sidestep accountability by pointing fingers and threatening lawsuits.
If the instinct after a breach is to silence critics rather than reassure users, then the real vulnerability isn’t in the code. It’s in the culture of the companies that hold our data.
