Tenga, a Japanese sex toy manufacturer, has notified customers of a data breach. According to an email obtained by TechCrunch, an unauthorized party gained access to the professional email account of one of the company’s employees.
This access potentially allowed the hacker to view and steal customer information, including names, email addresses, and historical email correspondence. That correspondence may include order details or customer service inquiries. The hacker also used the compromised account to send spam emails to the employee’s contacts, which included customers.
The company has not disclosed the total number of customers affected by this incident. Tenga’s website states it has shipped over 162 million products worldwide. Given the intimate nature of Tenga’s products, the exposed order details and service inquiries likely contain sensitive information customers would prefer to keep private.
Tenga recommends that customers change their passwords as a precaution and remain vigilant for suspicious emails, particularly any appearing to come from the specific employee whose account was breached. The company says it has taken several security measures following the breach, including resetting the compromised employee’s credentials and enabling multi-factor authentication across its systems to prevent access with stolen passwords. Tenga did not respond to inquiries about whether multi-factor authentication was in place on the email account prior to the breach.
Tenga was founded in 2005 and is headquartered in Tokyo. It sells a variety of sex toys, primarily for men. It is unclear if the breach affected customers outside the United States, as the notification email came explicitly from Tenga Store USA.
Tenga is the latest in a series of sex toy makers and adult websites to suffer data breaches. Other affected companies in recent years include Lovense, Pornhub, and SexPanther.