Vulnerabilities Found in Adult Toys Allow Remote Control/Operation
猿大侠· 2025-08-01 04:10
Core Viewpoint
- Lovense, a Singapore-based adult toy manufacturer with over 20 million users globally, is facing significant security vulnerabilities that allow unauthorized access to user accounts and personal information [1][2].

Group 1: Security Vulnerabilities
- A security researcher named BobHacker discovered two critical vulnerabilities in Lovense's system, which were publicly disclosed after the company requested an unusually long 14-month period for fixes [2][7].
- The first vulnerability allows users' real email addresses to be exposed through network analysis tools, as Lovense associates usernames with email addresses, making it easy for others to identify users [4][6].
- The second vulnerability enables attackers to take over Lovense accounts by creating authentication tokens without needing passwords, allowing remote control of connected sex toys, posing potential real-world harm [5][6].

Group 2: Company Response and Timeline
- Lovense has acknowledged the issue with the account takeover vulnerability and claims it has been fixed, while the email leakage vulnerability is still under repair, with an update expected to be released soon [7].
- The company has not clarified why it initially estimated a 14-month timeline for fixing the vulnerabilities, which has raised concerns among security researchers [7].