³ÉÈË¿ìÊÖ

Flaw in VR porn app leaves 20,000 names exposed

  • Published
SinVR is a virtual reality porn gameImage source, SinVR
Image caption,

SinVR is a virtual reality porn game

A flaw that left the personal data of thousands of users of a virtual reality porn app exposed has been fixed.

British cybersecurity firm Digital Interruption uncovered a loophole in the SinVR app that gave it access to 20,000 user names and email addresses.

SinVR thanked it for highlighting the issue and promised to improve security.

"Altogether, it has been a tremendous learning experience," the US-based company .

"Moving forward, we are confident in our ability to stop similar attacks and will keep using a professional security service to audit our system."

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.
The ³ÉÈË¿ìÊÖ is not responsible for the content of external sites.
Skip twitter post by Digital Interruption

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read and before accepting. To view this content choose ‘accept and continue’.

The ³ÉÈË¿ìÊÖ is not responsible for the content of external sites.
End of twitter post by Digital Interruption

SinVR is a pornographic virtual reality game which lets users explore various adult-themed environments and interact with virtual characters.

It works with most major VR headsets including the HTC Vive and Oculus Rift.

In a blog post, Digital Interruption said it had decided to go public after SinVR's parent company, inVR, did not respond to emails about the app's flaws.

The cybersecurity firm, which had been reviewing the security of several adult-themed websites, said it accessed the personal data of everyone with a SinVR account as well as anyone who paid for content using PayPal.

Passwords and credit card details were not exposed in the hack, it said.

"Due to the nature of the application, it is potentially quite embarrassing to have details like this leaked," Digital Interruption .

"It is not outside the realm of possibility that some users could be blackmailed with this information."

It's not the first time the personal data of those who visit porn sites has been exposed.

In 2016 the names of almost 800,000 registered users of porn site Brazzers were exposed in a data breach.

And last year, German researchers claimed to have accessed the porn-browsing habits of members of the public by reverse-engineering online data used for targeted advertising.