Sex toy company Tenga informed its customers about a data breach on Friday, as per an email acquired by TechCrunch. The Japanese firm explained that “an unauthorized party accessed the professional email account of one of our employees,” allowing the hacker to potentially view and steal customer names, email addresses, and past email correspondences, which might contain order details or customer service inquiries. The hacker also sent spam emails to the compromised employee’s contacts, including customers.
Post-publication of this article, a Tenga spokesperson informed TechCrunch that the breach affected “approximately 600 people” in the U.S., following a forensic review. “We have proactively reached out to those potentially impacted to ensure their safety and provide guidance,” the spokesperson added. Tenga’s site mentions shipping over 162 million products globally.
Order details and customer service inquiries may contain sensitive information that customers would prefer to keep private, especially considering the nature of Tenga’s products. The company advised customers to change their passwords and remain alert for suspicious emails, especially those from the specific breached employee.
Tenga took actions following the breach, such as resetting the affected employee’s credentials and enabling multi-factor authentication across systems, a basic security measure that prevents account access through stolen passwords. However, the spokesperson did not disclose if multi-factor authentication was in place on the email account before the breach.
Founded in 2005 and based in Tokyo, Tenga specializes in a variety of sex toys predominantly for men. It’s not clear if the breach affected customers outside the U.S., as the email was from Tenga Store USA.
Tenga joins a list of sex toy makers, like Lovense, and adult websites, such as Pornhub and SexPanther, that have faced hacks.
First published on February 13. Updated with comments from a Tenga spokesperson.