We-Vibe, a sex toy maker, has agreed to pay customers up to $7,500 each after selling their “smart vibrator” that tracked owners’ sexual activity without their knowledge.

We-Vibe 4 Plus is a bluetooth connected vibrator that’s controllable via an app and marketed as a way for

“couples to keep their flame ignited—together or apart.”

The app-enabled controls can be activated remotely allowing partners to engage it on the other end of a video call, for example.

The innovative idea though came with a number of security vulnerabilities, mainly that ANYONE within bluetooth range could get control of the device.

Data was also collected and sent back to Standard Innovation, giving them info about the vibration intensity and temperature of the product, factors that revealed the owner’s sexual habits in great detail.

New Zealand-based hackers “goldfisk” and “follower” first exposed the flaws at the Def Con hacking conference last year in Las Vegas. The pair said that the problem was a “serious issue” and that unwanted activation of the device was “potentially sexual assault.”

Parent company, Standard Innovation said in a statement,

“At Standard Innovation we take customer privacy and data security seriously. We have enhanced our privacy notice, increased app security, provided customers [with] more choice in the data they share, and we continue to work with leading privacy and security experts to enhance the app. With this settlement, Standard Innovation can continue to focus on making new, innovative products for our customers.”

Following the class-action lawsuit in an Illinois federal court, Standard Innovation has been ordered to pay out owners to the tune of $3 million. Those who used the vibrator’s associated app getting a $7,500 payout and those who just simply bought the sex toy claiming up to $199.

(via The Guardian)