Adult VR app, SinVR, has announced that it has fixed the issues that were highlighted by the security firm Digital Interruption.
The UK security firm raised the issue of SinVR potentially exposing names and emails of thousands of its users.
The data of 20,000 users was vulnerable to hackers on the adult VR app, it was uncovered by Digital Interruption.
This included the names, email addresses and device names of everyone who has a SinVR account, and everyone who has paid for content using a PayPal account.
A spokesperson for SinVR told Alphr: “Digital Interruption gave us ample warning before posting their finding and we fixed the issue as soon as it was revealed to us. We are in contact with them and they confirmed that the outlined security hole was closed. Altogether, it has been a tremendous learning experience, which will serve to enhance our security and we are glad that it was conducted ethically.
“Moving forward, we are confident in our ability to stop similar attacks and will keep using a professional security service to audit our system.”
Digital Interruption wrote in a blogpost: “Not only could an attacker use this to perform social engineering attacks, but, due to the nature of the application, it is potentially quite embarrassing to have details like this leaked. It is not outside the realm of possibility that some users could be blackmailed with this information.”
After contacting SinVR, the security firm decided to go public with its findings last week, censoring personal details in the screenshots which they posted (below).
Data concerns of this nature can be extremely damaging if left unchecked. An infidelity dating site, Ashley Madison, went through a data breach in 2015 where hackers threatened to contact friends and families of users’ memberships, if they refused to pay a sum of money.
Read more here.