Think a sex toy with built-in surveillance sounds far fetched? Think again! While ComeNPlay.ca would never sell toys with spy capabilities, Canadian toy company We-Vibe actually created a “smart” vibrator that tracked users’ sexual activities and secretly sent that data back to its parent company. While the toy was in use, We-Vibe secretly collected intimate information without the users’ knowledge, such as vibration intensity and temperature.

Here’s how this sneaky toy worked: The We-Vibe 4 Plus vibrator was connected to Bluetooth, and controlled through a uniquely developed app. It was marketed as an erotic toy for couples, allowing them to “Keep their flame ignited,” whether they’re far apart or together. The toy’s controls could be activated remotely, so couples were able to use the toy during phone or video calls.

That’s the good news. That bad news is the app that controlled the vibrator was not secured, meaning it was possible for anyone within Bluetooth range to take control of it. There were many other security and privacy vulnerabilities, as well. During use, data was collected and sent back to Standard Innovation, revealing intimate information about each user’s sexual habits.

The serious flaws with the We-Vibe were discovered by New Zealand-based hackers at the 2016 Def Con Hacking Conference in Las Vegas, Nevada. While they were speaking at the conference, they pointed out the toy’s “serious issue” and equated “unwanted activation” of a vibrator as potentially sexual assault.

After losing a class-action lawsuit, We-Vibe’s parent company Standard Innovation was ordered to pay damages to the toy owners. Owners were also entitled to the full amount of both the app and vibrator.