The information was stored on Standard Innovation’s servers, alongside customer’s email addresses

Standard Innovation secretly gathered potentially sensitive information, including dates and times of use, temperature levels and changes in intensity

A sex toy maker has agreed to pay customers up to $10,000 each after allegations that it had collected data about its customers’ We-Vibe vibrator usage habits without their consent. 

The smart sex toy, created by Ottawa-based Standard Innovation, allows users to control vibration intensity through an accompanying smartphone app.

However, a demonstration at the Def Con hacking conference in August last year showed that the firm was secretly gathering potentially sensitive information about We-Vibe’s users, including dates and times of use, temperature levels and changes in intensity.

What’s more, this information was being stored on Standard Innovation’s servers, alongside customer’s email addresses.

At the time, the company claimed to have gathered the information for “market research purposes”, so it could “better understand what settings and levels of intensity are most enjoyed.”

The company has now settled a class-action lawsuit filed by two anonymous women in the aftermath of the Def Con presentation, agreeing to destroy the information already collected through the vibrator and to stop collecting such data in the future.

Under the terms of the settlement, Standard Innovation will pay out $2.9 million, with customers who bought a We-Vibe before 26 September 2016 and used it with the app eligible to receive up to $10,000, and those who used it without the app entitled to $199.

“At Standard Innovation we take customer privacy and data security seriously,” the company said in a statement to MarketWatch. “We have enhanced our privacy notice, increased app security, provided customers more choice in the data they share, and we continue to work with leading privacy and security experts to enhance the app. 

“With this settlement, Standard Innovation can continue to focus on making new, innovative products for our customers.”

As more and more devices have become internet-connected, the potential for privacy breaches has risen dramatically.

"This is yet another example of IoT devices being rushed to market without proper consideration of privacy, and with rampant security vulnerabilities,” said Cesar Cerrudo, the CTO of cybersecurity firm IOActive.

“We are connecting more and more of these devices to the internet and manufacturers are really not applying due diligence, which in the long run will be really costly. While they may get the upper hand in beating the competition to get products to market, they lose out in the long run.” 

Comments