VR Adult App Had Security Flaw That Could Have Exposed Users

There's nothing worse than signing up to a decidedly dodgy site and getting caught out. That's why people embarrassed of their Internet habits tend to use fake usernames and email addresses.

So imagine the sigh of relief the 20,000 members of the virtual reality adult app SinVR had today after a cyber-security firm notified the app of a security flaw which could have left their true identities wide open.

The London-based cybersecurity firm Digital Interruption said it found a hidden 'backdoor' in the app which allowed savvy hackers access to members' user names and email addresses. Well, that was a close one.

Credit: SinVR
Credit: SinVR

Sin VR, launched in 2016, is a US-based virtual reality app that allows people to play out various sexual scenarios and interact with characters. It is compatible with VR headsets like HTC Vive, Oculus Rift and Google Cardboard.

The app promises its users the opportunity to 'live out your sexual fantasies in your own private dungeon' - except, in this case it obviously wasn't private. Oops.

In a blog post, Digital Interruption explained that it decided to go public to protect users after SinVR's parent company allegedly didn't respond to the firm's emails.

The cybersecurity firm said that it managed to access the personal data of everyone with a SinVR account, along with their PayPal data. Thankfully for the punters, users' passwords and credit card details were not vulnerable.

"Due to the nature of the application, it is potentially quite embarrassing to have details like this leaked," Digital Interruption wrote in its blog post. "It is not outside the realm of possibility that some users could be blackmailed with this information."

A spokesperson for SinVR said the company 'fixed the issue as soon as it was revealed', calling the issue 'a tremendous learning experience'.

"Moving forward, we are confident in our ability to stop similar attacks and will keep using a professional security service to audit our system," the company told the tech site Alphr.

''We are making sure that all 'back door' intrusions are fully consensual," the spokesperson added. Oo-er.

You'd imagine the people who frequent these type of sites are already wary of having their secrets exposed after a string of high-profile hacks in recent years, including Ashley Madison and Brazzers.

The users of SinVR can consider this a close call - next time, they might be living someone else's fantasies.

Featured Image Credit: SinVR

Chris Ogden

Chris Ogden is a journalist at LADbible. He graduated from the University of East Anglia with degrees in English Literature and Creative Writing before completing his NCTJ Diploma in Multimedia Journalism. Chris has previously written for the independent culture magazine The Skinny, among other publications.

Next Up

arrow-down arrow-left arrow-right arrow-up camera clock close comment cursor email facebook-messenger facebook Instagram link new-window phone play share snapchat submit twitter vine whatsapp logoInline safari-pinned-tab Created by potrace 1.11, written by Peter Selinger 2001-2013